Abstract — We consider timed Petri nets, i.e., unbounded Petri
nets where each token carries a real-valued clock. Transition arcs
are labeled with time intervals, which specify constraints on the
ages of tokens. Our cost model assigns token storage costs per
time unit to places, and firing costs to transitions. We study the
cost to reach a given control-state. In general, a cost-optimal run
may not exist. However, we show that the infimum of the costs
is computable.
I. Introduction

Petri nets [1], [2] are a widely used model for the study and
analysis of concurrent systems. Many different formalisms 
have been proposed which extend Petri nets with clocks 
and real-time constraints, leading to various definitions of 
Timed Petri nets (TPNs). A complete discussion of all these 
formalisms is beyond the scope of this paper and the interested 
reader is referred to the surveys in [3], [4].

An important distinction is whether the time model is dis- 
crete or continuous. In discrete-time nets, time is interpreted as 
being incremented in discrete steps and thus the ages of tokens 
are in a countable domain, commonly the natural numbers. 
Such discrete-time nets have been studied in, e.g., [5], [6].
In continuous-time nets, time is interpreted as continuous, 
and the ages of tokens are real numbers. Some problems for 
continuous-time nets have been studied in [7], [8], [9], [10].

In parallel, there have been several works on extending 
the model of timed automata [11] with prices (weights) (see
e.g., [12], [13], [14]). Weighted timed automata are suitable
models for embedded systems, where we have to take into 
consideration the fact that the behavior of the system may be 
constrained by the consumption of different types of resources. 
Concretely, weighted timed automata extend classical timed 
automata with a cost function Cost that maps every location 
and every transition to a nonnegative integer (or rational) 
number. For a transition, Cost gives the cost of performing the 
transition. For a location, Cost gives the cost per time unit for 
staying in the location. In this manner, we can define, for each 
computation of the system, the accumulated cost of staying in 
locations and performing transitions along the computation. 

Here we consider a very expressive model that subsumes 
all models mentioned above. Priced Timed Petri Nets (PTPN) 
are a generalization of classic Petri nets |Qj with real-valued
(i.e., continuous-time) clocks, real-time constraints, and prices 
for computations. 

Each token is equipped with a real-valued clock, represent- 
ing the age of the token. The firing conditions of a transition 
include the usual ones for Petri nets. Additionally, each arc 
between a place and a transition is labeled with a time-interval 
whose bounds are natural numbers (or possibly $\infty$ as upper
bound). These intervals can be open, closed or half open. 
When firing a transition, tokens which are removed/added 
from/to places must have ages lying in the intervals of the 
corresponding transition arcs. Furthermore, we add special 
read-arcs to our model. These affect the enabledness of 
transitions, but, unlike normal arcs, they do not remove the 
token from the input place. Read arcs preserve the exact age 
of the input token, unlike the scenario where a token is first 
removed and then replaced. Read arcs are necessary in order 
to make PTPN subsume the classic priced timed automata of 
[14]. We assign a cost to computations via a cost function
Cost that maps transitions and places of the Petri net to 
natural numbers. For a transition t, Cost(t) gives the cost of 
performing the transition, while for a place p, Cost(p) gives 
the cost per time unit per token in the place. 

PTPN are a continuous-time model which subsumes the 
continuous-time TPN of [7], [8], [9], [10] and the priced timed
automata of [12], [13], [14]. It should be noted that PTPN are
infinite-state in several different ways. First, the Petri net itself 
is unbounded. So the number of tokens (and thus the number 
of clocks) can grow beyond any bound, i.e., the PTPN can 
create and destroy arbitrarily many clocks. In that PTPN differ 
from the priced timed automata of [12], [13], [14], which have
only a finite number of control-states and only a fixed finite 
number of clocks. Secondly, every single clock value is a real 
number of which there are uncountably many. 
Our contribution. We study the cost to reach a given 
control-state in a PTPN. In Petri net terminology, this is 
called a control-state reachability problem or a coverability 
problem. The related reachability problem (i.e., reaching a 
particular configuration) is undecidable for (continuous-time 
and discrete-time) TPN 0, even without taking costs into 
account. In general, a cost-optimal computation may not exist 
(e.g., even in priced timed automata it can happen that there 
is no computation of cost 0, but there exist computations of 
cost $< \epsilon$ for every $\epsilon > 0$). However, we show that the infimum
of the costs is computable. 



This cost problem had been shown to be decidable for the 
much simpler model of discrete-time PTPN in [15]. However,
discrete-time PTPN do not subsume the priced timed automata
of [14]. Moreover, the techniques from ITT31 do not carry over
to the continuous-time domain (e.g., arbitrarily many delays
of length $2^{-n}$ for $n = 1, 2, \dots$ can happen in $\le 1$ time).
Outline of Used Techniques. Since the PTPN model is very 
expressive, several powerful new techniques are developed to 
analyze them. These are interesting in their own right and can 
be instantiated to solve other problems. 

In Section II we define PTPN and the priced coverability
problem, and describe its relationship with priced timed
automata and Petri nets. Then, in Sections III - V we reduce the
priced coverability problem for PTPN to a coverability prob- 
lem in an abstracted untimed model called AC-PTPN. This 
abstraction is done by an argument similar to a construction 
in [14], where parameters indicating a feasible computation
are contained in a polyhedron, which is described by a totally
unimodular matrix. However, our class of matrices is more
general than in [14], because PTPN allow the creation of new
clocks with a nonzero value. The resulting AC-PTPN are still 
much more expressive than Petri nets, because their configu- 
rations are arbitrarily long sequences of multisets. Moreover, 
the transitions of AC-PTPN are not monotone, because larger 
configurations cost more and might thus exceed the cost limit. 
In order to solve coverability for AC-PTPN, we develop a very 
general method to solve reachability/coverability problems in 
infinite-state transition systems which are more general than 
the well-quasi-ordered/well-structured transition systems of 
[16], [17]. We call this method the abstract phase construction,
and it is described in abstract terms in Section VI. In particular,
it includes a generalization of the Valk-Jantzen construction
[18] to arbitrary well-quasi-ordered domains. In Section VII
we instantiate this abstract method with AC-PTPN and prove 
the main result. This instantiation is nontrivial and requires 
several auxiliary lemmas, which ultimately use the decidability 
of the reachability problem for Petri nets with one inhibitor 
arc [19]. There exist close connections between timed Petri
nets, Petri nets with one inhibitor arc, and transfer nets. 

II. Priced Timed Petri Nets 

a) Preliminaries: We use $\mathbb{N}$, $\mathbb{R}_{\geq 0}$, $\mathbb{R}_{>0}$ to denote the
sets of natural numbers (including 0), nonnegative reals, and
strictly positive reals, respectively. For a natural number $k$, we
use $\mathbb{N}^k$ and $\mathbb{N}^k_\omega$ to denote the set of vectors of size $k$ over
$\mathbb{N}$ and $\mathbb{N} \cup \{\omega\}$, respectively ($\omega$ represents the first limit
ordinal). For $n \in \mathbb{N}$, we use $[n]$ to denote the set $\{0, \dots, n\}$.
For $x \in \mathbb{R}_{\geq 0}$, we use $frac(x)$ to denote the fractional part of $x$.
We use a set $Intrv$ of intervals. An open interval is written as
$(w : z)$ where $w \in \mathbb{N}$ and $z \in \mathbb{N} \cup \{\infty\}$. Intervals can also be
closed in one or both directions, e.g. $[w : z]$ is closed in both
directions and $[w : z)$ is closed to the left and open to the right.

For a set $A$, we use $A^*$ and $A^{\odot}$ to denote the set of finite
words and finite multisets over $A$, respectively. We view a
multiset $b$ over $A$ as a mapping $b : A \mapsto \mathbb{N}$. Sometimes,
we write finite multisets as lists (possibly with multiple
occurrences), so both $[2.4, 2.4, 2.4, 5.1, 5.1]$ and $[2.4^3, 5.1^2]$
represent a multiset $b$ over $\mathbb{R}_{\geq 0}$ where $b(2.4) = 3$, $b(5.1) = 2$
and $b(x) = 0$ for $x \neq 2.4, 5.1$. For multisets $b_1$ and $b_2$ over
$A$, we say that $b_1 \le b_2$ if $b_1(a) \le b_2(a)$ for each $a \in A$. We
define $b_1 + b_2$ to be the multiset $b$ where $b(a) = b_1(a) + b_2(a)$,
and (assuming $b_1 \le b_2$) we define $b_2 - b_1$ to be the multiset
$b$ where $b(a) = b_2(a) - b_1(a)$, for each $a \in A$. We use
$a \in b$ to denote that $b(a) > 0$. We use $\emptyset$ or $[]$ to denote
the empty multiset and $\varepsilon$ to denote the empty word. Let
$(A, \le)$ be a poset. We define a partial order $\le^w$ on $A^*$ as
follows. Let $a_1 \dots a_n \le^w b_1 \dots b_m$ iff there is a subsequence
$b_{j_1} \dots b_{j_n}$ of $b_1 \dots b_m$ s.t. $\forall k \in \{1, \dots, n\}.\ a_k \le b_{j_k}$. A subset
$B \subseteq A$ is said to be upward closed in $A$ if $a_1 \in B$, $a_2 \in A$
and $a_1 \le a_2$ implies $a_2 \in B$. If $A$ is known from the
context, then we say simply that $B$ is upward closed. For
$B \subseteq A$ we define the upward closure $B\uparrow$ to be the set
$\{a \in A \mid \exists a' \in B : a' \le a\}$. A downward closed set $B$ and the
downward closure $B\downarrow$ are defined in a similar manner. We
use $a\uparrow$, $a\downarrow$, $a$ instead of $\{a\}\uparrow$, $\{a\}\downarrow$, $\{a\}$, respectively. Given
a transition relation $\longrightarrow$, we denote its transitive closure by
$\stackrel{+}{\longrightarrow}$ and its reflexive-transitive closure by $\stackrel{*}{\longrightarrow}$. Given a set of
configurations $C$, let $Pre_{\longrightarrow}(C) = \{c' \mid \exists c \in C.\ c' \longrightarrow c\}$ and
$Pre^*_{\longrightarrow}(C) = \{c' \mid \exists c \in C.\ c' \stackrel{*}{\longrightarrow} c\}$.

b) Priced Timed Petri Nets: A Priced Timed Petri Net
(PTPN) is a tuple $\mathcal{N} = (Q, P, T, Cost)$ where $Q$ is a finite
set of control-states and $P$ is a finite set of places. $T$
is a finite set of transitions, where each transition $t \in T$
is of the form $t = (q_1, q_2, In, Read, Out)$. We have that
$q_1, q_2 \in Q$ are the source and target control-state, respectively,
and $In, Read, Out \in (P \times Intrv)^{\odot}$ are finite multisets over
$P \times Intrv$ which define the input-arcs, read-arcs and output-arcs
of $t$, respectively. $Cost : P \cup T \to \mathbb{N}$ is the cost function
assigning firing costs to transitions and storage costs to places.
Note that it is not a restriction to use integers for time bounds
and costs in PTPN. By the same standard technique as in timed
automata, the problem for rational numbers can be reduced
to the integer case (by multiplying all numbers with the lcm
of the divisors). To simplify the presentation we use a
one-dimensional cost. This can be generalized to multidimensional
costs; see Section [X]. We let $cmax$ denote the maximum
integer appearing on the arcs of a given PTPN. A configuration
of $\mathcal{N}$ is a tuple $(q, M)$ where $q \in Q$ is a control-state and $M$
is a marking of $\mathcal{N}$. A marking is a multiset over $P \times \mathbb{R}_{\geq 0}$, i.e.,
$M \in (P \times \mathbb{R}_{\geq 0})^{\odot}$. The marking $M$ defines the numbers and
ages of tokens in each place in the net. We identify a token
in a marking $M$ by the pair $(p, x)$ representing its place and
age in $M$. Then, $M(p, x)$ defines the number of tokens with
age $x$ in place $p$. Abusing notation, we define, for each place
$p$, a multiset $M(p)$ over $\mathbb{R}_{\geq 0}$, where $M(p)(x) = M(p, x)$.

For a marking $M$ of the form $[(p_1, x_1), \dots, (p_n, x_n)]$
and $x \in \mathbb{R}_{>0}$, we use $M^{+x}$ to denote the marking
$[(p_1, x_1 + x), \dots, (p_n, x_n + x)]$.

c) Computations: We define two transition relations on
the set of configurations: timed transition and discrete
transition. A timed transition increases the age of each token
by the same real number. Formally, for $x \in \mathbb{R}_{>0}$, $q \in Q$,
we have $(q, M_1) \xrightarrow{x}_{Time} (q, M_2)$ if $M_2 = M_1^{+x}$. We use
$(q, M_1) \longrightarrow_{Time} (q, M_2)$ to denote that $(q, M_1) \xrightarrow{x}_{Time} (q, M_2)$
for some $x \in \mathbb{R}_{>0}$.

We define the set of discrete transitions $\longrightarrow_{Disc}$ as
$\bigcup_{t \in T} \longrightarrow_t$, where $\longrightarrow_t$ represents the effect of firing the
discrete transition $t$. To define $\longrightarrow_t$ formally, we need the
auxiliary predicate $match$ that relates markings with the
inputs/reads/outputs of transitions. Let $M \in (P \times \mathbb{R}_{\geq 0})^{\odot}$ and
$\alpha \in (P \times Intrv)^{\odot}$. Then $match(M, \alpha)$ holds iff there exists
a bijection $f : M \mapsto \alpha$ s.t. for every $(p, x) \in M$ we
have $f((p, x)) = (p', \mathcal{I})$ with $p' = p$ and $x \in \mathcal{I}$. Let
$t = (q_1, q_2, In, Read, Out) \in T$. Then we have a discrete
transition $(q_1, M_1) \longrightarrow_t (q_2, M_2)$ iff there exist
$I, O, R, M_1^{rest} \in (P \times \mathbb{R}_{\geq 0})^{\odot}$ s.t. the following conditions are satisfied:

• $M_1 = I + R + M_1^{rest}$

• $match(I, In)$, $match(R, Read)$ and $match(O, Out)$.

• $M_2 = O + R + M_1^{rest}$

We say that $t$ is enabled in $(q_1, M_1)$ if the first two conditions
are satisfied. A transition $t$ may be fired iff for each input-arc
and each read-arc, there is a token with the right age in
the corresponding input place. These tokens in $I$ matched to
the input arcs will be removed when the transition is fired,
while the tokens in $R$ matched to the read-arcs are kept.
The newly produced tokens in $O$ have ages which are chosen
nondeterministically from the relevant intervals on the output
arcs of the transitions. This semantics is lazy, i.e., enabled
transitions do not need to fire and can be disabled again.

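We write $\longrightarrow \,=\, \longrightarrow_{Time} \cup \longrightarrow_{Disc}$ to denote all transitions.
For sets $C, C'$ of configurations, we write $C \longrightarrow C'$ to denote
that $c \longrightarrow c'$ for some $c \in C$ and $c' \in C'$. A computation
$\pi$ (from $c$ to $c'$) is a sequence of transitions $c_0 \longrightarrow c_1 \longrightarrow
\dots \longrightarrow c_n$ such that $c_0 = c$ and $c_n = c'$. We write $c \xrightarrow{\pi} c'$
to denote that $\pi$ is a computation from $c$ to $c'$. Similarly, we
write $C \xrightarrow{\pi} C'$ to denote that $\exists c_1 \in C, c_n \in C'.\ c_1 \xrightarrow{\pi} c_n$.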

d) Costs: The cost of a computation consisting
of one discrete transition $t \in T$ is defined as
$Cost((q_1, M_1) \longrightarrow_t (q_2, M_2)) := Cost(t)$. The cost of
a computation consisting of one timed transition is defined by
$Cost((q, M) \xrightarrow{x} (q, M^{+x})) := x * \sum_{p \in P} |M(p)| * Cost(p)$.
The cost of a computation is the sum of all transition costs in
it, i.e., $Cost((q_1, M_1) \longrightarrow (q_2, M_2) \longrightarrow \dots \longrightarrow (q_n, M_n)) :=
\sum_{1 \le i < n} Cost((q_i, M_i) \longrightarrow (q_{i+1}, M_{i+1}))$. We write $C \xrightarrow{v} C'$
to denote that there is a computation $\pi$ such that $C \xrightarrow{\pi} C'$
and $Cost(\pi) \le v$. We define $OptCost(C, C')$ to be the
infimum of the set $\{v \mid C \xrightarrow{v} C'\}$, i.e., the infimum of the
costs of all computations leading from $C$ to $C'$. We use the
infimum, because the minimum does not exist in general. We
partition the set of places $P = P_c \cup P_f$ where $Cost(p) > 0$
for $p \in P_c$ and $Cost(p) = 0$ for $p \in P_f$. The places in $P_c$ are
called cost-places and the places in $P_f$ are called free-places.
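
The definitions of match, timed and discrete transitions, and Cost above, as an added Python illustration (not code from the paper). The net with place p (storage cost 1) and transitions t1, t2 is constructed for this example: reaching q_fin costs $x$ for every delay $x \in (0 : 1)$, so the infimum 0 is not attained by any computation.

```python
from collections import Counter, namedtuple
from fractions import Fraction as F

Interval = namedtuple("Interval", "lo hi lo_closed hi_closed")
Transition = namedtuple("Transition", "name q1 q2 In Read Out")

def inside(x, iv):
    """Age x lies in the interval iv (hi=None encodes the upper bound infinity)."""
    low_ok = x >= iv.lo if iv.lo_closed else x > iv.lo
    high_ok = iv.hi is None or (x <= iv.hi if iv.hi_closed else x < iv.hi)
    return low_ok and high_ok

def match(tokens, arcs):
    """match(M, alpha): a bijection pairs each token (p, x) with an arc (p, I), x in I."""
    if len(tokens) != len(arcs):
        return False
    if not tokens:
        return True
    (p, x), rest = tokens[0], tokens[1:]
    return any(q == p and inside(x, iv) and match(rest, arcs[:k] + arcs[k + 1:])
               for k, (q, iv) in enumerate(arcs))

def delay(cost, conf, x):
    """Timed transition: every token ages by x; cost is x * sum_p |M(p)| * Cost(p)."""
    q, M = conf
    assert x > 0
    return (q, [(p, a + x) for p, a in M]), x * sum(cost[p] for p, _ in M)

def fire(cost, conf, t, I, R, O):
    """Discrete transition ->_t for the witnesses I, R, O; None if a condition fails."""
    q, M = conf
    need, have = Counter(I) + Counter(R), Counter(M)
    if q != t.q1 or any(have[tok] < n for tok, n in need.items()):
        return None                      # M_1 = I + R + M_rest has no solution
    if not (match(I, t.In) and match(R, t.Read) and match(O, t.Out)):
        return None
    rest = list((have - need).elements())
    return (t.q2, O + R + rest), cost[t.name]    # M_2 = O + R + M_rest

# Constructed net: t1 creates a token of age 0 on p, t2 consumes it at an age in (0:1).
COST = {"p": 1, "t1": 0, "t2": 0}
T1 = Transition("t1", "q_init", "q_mid", [], [], [("p", Interval(0, 0, True, True))])
T2 = Transition("t2", "q_mid", "q_fin", [("p", Interval(0, 1, False, False))], [], [])

def cost_with_delay(x):
    """Cost of q_init -t1-> q_mid -x-> q_mid -t2-> q_fin, or None if t2 is not enabled."""
    conf, total = ("q_init", []), F(0)
    conf, c = fire(COST, conf, T1, [], [], [("p", F(0))])
    total += c
    if x > 0:
        conf, c = delay(COST, conf, x)
        total += c
    step = fire(COST, conf, T2, [("p", x)], [], [])
    return None if step is None else total + step[1]

if __name__ == "__main__":
    for x in (F(1, 2), F(1, 1000), F(0), F(1)):
        print(x, cost_with_delay(x))
```
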

e) Relation of PTPN to Other Models: PTPN subsume
the priced timed automata of [12], [13], [14] via the following
simple encoding. For every one of the finitely many clocks of
the automaton we have one place in the PTPN with exactly one
token on it whose age encodes the clock value. We assign cost
zero to these places. For every control-state $s$ of the automaton
we have one place $p_s$ in the PTPN. Place $p_s$ contains exactly
one token iff the automaton is in state $s$, and it is empty
otherwise. An automaton transition from state $s$ to state $s'$
is encoded by a PTPN transition consuming the token from
$p_s$ and creating a token on $p_{s'}$. The transition guards referring
to clocks are encoded as read-arcs to the places which encode
clocks, labeled with the required time intervals. Note that open
and half-open time intervals are needed to encode the strict
inequalities used in timed automata. Clock resets are encoded
by consuming the timed token (by an input-arc) and replacing
it (by an output-arc) with a new token on the same place with
age 0. The cost of staying in state $s$ is encoded by assigning
a cost to place $p_s$, and the cost of performing a transition
is encoded as the cost of the corresponding PTPN transition.
Also PTPN subsume fully general unbounded (i.e., infinite-state)
Petri nets (by setting all time intervals to $[0 : \infty)$ and
thus ignoring the clock values).

Note that (just like for timed automata) the problems for 
continuous-time PTPN cannot be reduced to (or approximated 
by) the discrete-time case. Replacing strict inequalities with 
non-strict ones might make the final control-state reachable, 
when it originally was unreachable. 

f) The Priced Coverability Problem: We will consider
two variants of the cost problem, the Cost-Threshold problem
and the Cost-Optimality problem. They are both characterized
by an initial control state $q_{init}$ and a final control state $q_{fin}$.

Let $C_{init} = (q_{init}, [])$ be the initial configuration and
$C_{fin} = \{(q_{fin}, M) \mid M \in (P \times \mathbb{R}_{\geq 0})^{\odot}\}$ the set of final
configurations defined by the control-state $q_{fin}$. I.e., we start from a
configuration where the control state is $q_{init}$ and where all the
places are empty, and then consider the cost of computations
that take us to $q_{fin}$. (If $C_{init}$ contained tokens with a
non-integer age then the optimal cost might not be an integer.)

In the Cost-Threshold problem we ask the question whether
$OptCost(C_{init}, C_{fin}) \le v$ for a given threshold $v \in \mathbb{N}$.

In the Cost-Optimality problem, we want to compute
$OptCost(C_{init}, C_{fin})$. (Example in Appendix A.)

III. Computations in $\delta$-Form

We show that, in order to solve the cost problems it is sufficient 
to consider computations of a certain form where the ages of 
all the tokens are arbitrarily close to an integer. 

The decomposition of a PTPN marking $M$ into its fractional
parts $M_{-m}, \dots, M_{-1}, M_0, M_1, \dots, M_n$ is uniquely defined by
the following properties:

• $M = M_{-m} + \dots + M_{-1} + M_0 + M_1 + \dots + M_n$.

• If $(p, x) \in M_i$ and $i < 0$ then $frac(x) \ge 1/2$. If $(p, x) \in M_0$
then $frac(x) = 0$. If $(p, x) \in M_i$ and $i > 0$ then
$frac(x) < 1/2$.

• Let $(p_i, x_i) \in M_i$ and $(p_j, x_j) \in M_j$. Then $frac(x_i) = frac(x_j)$
iff $i = j$, and if $-m \le i < j < 0$ or $0 \le i < j \le n$
then $frac(x_i) < frac(x_j)$.

• $M_i \neq \emptyset$ if $i \neq 0$. ($M_0$ can be empty, but the other $M_i$ must
be non-empty in order to get a unique representation.)



We say that a timed transition $(q, M) \xrightarrow{x} (q, M')$ is detailed
iff at most one fractional part of any token in $M$ changes
its status about reaching or exceeding the next higher integer
value. Formally, let $\epsilon$ be the fractional part of the token ages
in $M_{-1}$, or $\epsilon = 1/2$ if $M_{-1}$ does not exist. Then $(q, M) \xrightarrow{x}
(q, M')$ is detailed iff either $0 < x < 1 - \epsilon$ (i.e., no tokens
reach the next integer), or $M_0 = \emptyset$ and $x = \epsilon$ (no tokens
had integer age, but those in $M_{-1}$ reach integer age). Every
computation of a PTPN can be transformed into an equivalent
one (w.r.t. reachability and cost) where all timed transitions are
detailed. Thus we may assume w.l.o.g. that timed transitions
are detailed. This property is needed to obtain a one-to-one
correspondence between PTPN steps and the steps of A-PTPN,
defined in the next section.

For $\delta \in (0 : 1/5]$ the marking $[(p_1, x_1), \dots, (p_n, x_n)]$ is
in $\delta$-form if, for all $i : 1 \le i \le n$, it is the case that either (i)
$frac(x_i) < \delta$ (low fractional part), or (ii) $frac(x_i) > 1 - \delta$ (high
fractional part). I.e., the age of each token is close to (within
$< \delta$) an integer. We choose $\delta \le 1/5$ to ensure that the cases (i)
and (ii) do not overlap, and that they still do not overlap for
a new $\delta' \le 2/5$ after a delay of $\le 1/5$ time units.

The occurrence of a discrete transition $t$ is said to be in
$\delta$-form if its output $O$ is in $\delta$-form, i.e., the ages of the newly
generated tokens are close to an integer. This is not a property
of the transition $t$ as such, but a property of its occurrence,
because it depends on the particular choice of $O$.

Let $\mathcal{N} = (Q, P, T, Cost)$ be a PTPN and $C_{init} = (q_{init}, [])$
and $C_{fin} = \{(q_{fin}, M) \mid M \in (P \times \mathbb{R}_{\geq 0})^{\odot}\}$ as in the last section.

For $0 < \delta \le 1/5$, the computation $\pi$ is in $\delta$-form iff (1) every
occurrence of a discrete transition $c_i \longrightarrow_t c_{i+1}$ is in $\delta$-form,
and (2) for every timed transition $c_i \xrightarrow{x} c_{i+1}$ we have either
$x \in (0 : \delta)$ or $x \in (1 - \delta : 1)$. We show that, in order to
find the infimum of the possible costs, it suffices to consider
computations in $\delta$-form, for arbitrarily small values of $\delta > 0$.

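Lemma 1. Let $C_{init} \xrightarrow{\pi} C_{fin}$, where $\pi$ is $C_{init} = c_0 \longrightarrow
\dots \longrightarrow c_{length} \in C_{fin}$. Then for every $\delta > 0$ there exists a
computation $\pi'$ in $\delta$-form where $C_{init} \xrightarrow{\pi'} C_{fin}$, where $\pi'$ is
$C_{init} = c'_0 \longrightarrow \dots \longrightarrow c'_{length} \in C_{fin}$, $Cost(\pi') \le Cost(\pi)$,
$\pi$ and $\pi'$ have the same length and $\forall i : 0 \le i \le length.\ |c_i| =
|c'_i|$. Furthermore, if $\pi$ is detailed then $\pi'$ is detailed.

Corollary 2. For every $\delta > 0$ we have $OptCost(C_{init}, C_{fin}) =
\inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin},\ \pi \text{ in } \delta\text{-form}\}$.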

IV. Abstract PTPN 

We now reduce the Cost-Optimality problem to a simpler
case without explicit clocks by defining a new class of
systems called abstract PTPN (for short A-PTPN), whose
computations represent PTPN computations in $\delta$-form, for
infinitesimally small values of $\delta > 0$. For each PTPN
$\mathcal{N} = (Q, P, T, Cost)$, we define a corresponding A-PTPN
$\mathcal{N}'$ (sometimes denoted by $aptpn(\mathcal{N})$). The A-PTPN $\mathcal{N}'$ is
syntactically of the same form $(Q, P, T, Cost)$ as $\mathcal{N}$. However,
$\mathcal{N}'$ induces a different transition system (its configurations and
operational semantics are different). Below we define the set
of markings of the A-PTPN, and then describe the transition
relation. We will also explain the relation to the markings and
the transition relation induced by the original PTPN.

g) Markings and Configurations: Fix a $\delta : 0 < \delta \le 2/5$.
A marking $M$ of $\mathcal{N}$ in $\delta$-form is encoded by a
marking $aptpn(M)$ of $\mathcal{N}'$ which is described by a triple
$(w^{high}, b_0, w^{low})$ where $w^{high}, w^{low} \in ((P \times [cmax + 1])^{\odot})^*$
and $b_0 \in (P \times [cmax + 1])^{\odot}$. The ages of the tokens in
$aptpn(M)$ are integers and therefore only carry the integral
parts of the tokens in the original PTPN. However, the marking
$aptpn(M)$ carries additional information about the fractional
parts of the tokens as follows. The tokens in $w^{high}$ represent
tokens in $M$ that have high fractional parts (their values are at
most $\delta$ below the next integer); the tokens in $w^{low}$ represent
tokens in $M$ that have low fractional parts (their values are at most
$\delta$ above the previous integer); while tokens in $b_0$ represent
tokens in $M$ that have zero fractional parts (their values are
equal to an integer). Furthermore, the ordering among the
fractional parts of tokens in $w^{high}$ (resp. $w^{low}$) is represented
by the positions of the multisets to which they belong in $w^{high}$
(resp. $w^{low}$). Let $M = M_{-m}, \dots, M_{-1}, M_0, M_1, \dots, M_n$ be
the decomposition of $M$ into fractional parts. Then we define
$aptpn(M) := (w^{high}, b_0, w^{low})$ with $w^{high} = b_{-m} \dots b_{-1}$,
and $w^{low} = b_1 \dots b_n$, where $b_i((p, \lfloor x \rfloor)) = M_i((p, x))$ if
$x \le cmax$. (This is well defined, because $M_i$ contains
only tokens with one particular fractional part.) Furthermore,
$b_i((p, cmax + 1)) = \sum_{y > cmax} M_i((p, y))$, i.e., all tokens whose
age is $> cmax$ are abstracted as tokens of age $cmax + 1$,
because the PTPN cannot distinguish between token ages
$> cmax$. Note that $w^{high}$ and $w^{low}$ represent tokens with
fractional parts in increasing order. An A-PTPN configuration
is a control-state plus a marking. If we apply $aptpn$ to a set
of configurations (i.e., $aptpn(C_{fin})$), we implicitly restrict this
set to the subset of configurations in 2/5-form.

h) Transition Relation: The transitions on
the A-PTPN are defined as follows. For every
discrete transition $t = (q_1, q_2, In, Read, Out) \in T$
we have $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow_t
(q_2, c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$ if the following conditions
are satisfied: For every $i : -m \le i \le n$ there exist
$b_i^I, b_i^R, b_i^{rest}, \hat{O}, b_0^O \in (P \times [cmax + 1])^{\odot}$ s.t. for every
$0 < \epsilon < 1$ we have

• $b_i = b_i^I + b_i^R + b_i^{rest}$ for $-m \le i \le n$

• $match((\sum_{i \neq 0} b_i^I)^{+\epsilon} + b_0^I, In)$

• $match((\sum_{i \neq 0} b_i^R)^{+\epsilon} + b_0^R, Read)$

• $match(\hat{O}^{+\epsilon} + b_0^O, Out)$

• There is a strictly monotone injection $f : \{-m, \dots, n\} \mapsto
\{-m', \dots, n'\}$ where $f(0) = 0$ s.t. $c_{f(i)} \ge b_i - b_i^I$ and
$c_0 = b_0 - b_0^I + b_0^O$ and $\sum_{i \neq 0} c_i = (\sum_{i \neq 0} b_i - b_i^I) + \hat{O}$.

The intuition is that the A-PTPN tokens in $b_i$ for $i \neq 0$
represent PTPN tokens with a little larger, and strictly positive,
fractional part. Thus their age is incremented by $\epsilon > 0$ before
it is matched to the input, read and output arcs. The fractional
parts of the tokens that are not involved in the transition stay
the same. However, since all the time intervals in the PTPN
have integer bounds, the fractional parts of newly created
tokens are totally arbitrary. Thus they can be inserted at
any position in the sequence, between any positions in the
sequence, or before/after the sequence of existing fractional
parts. This is specified by the last condition on the sequence
$c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'}$.

Lemma 3. Let $(q, M)$ be a PTPN configuration in $\delta$-form
for some $\delta \le 1/5$. There is an occurrence of a discrete
transition in $\delta$-form $(q, M) \longrightarrow_t (q', M')$ if and only if
$aptpn((q, M)) \longrightarrow_t aptpn((q', M'))$.

Additionally there are A-PTPN transitions that encode the
effect of PTPN detailed timed transitions $\xrightarrow{x}$ for $x \in (0 : \delta)$ or
$x \in (1 - \delta : 1)$ for sufficiently small $\delta > 0$. We call these abstract
timed transitions. For any multiset $b \in (P \times [cmax + 1])^{\odot}$
let $b^+ \in (P \times [cmax + 1])^{\odot}$ be defined by $b^+((p, x + 1)) =
b((p, x))$ for $x < cmax$ and $b^+((p, cmax + 1)) = b((p, cmax + 1))
+ b((p, cmax))$, i.e., the age $cmax + 1$ represents all
ages $> cmax$. There are 4 different types of abstract timed
transitions. (In the following all $b_i$ are nonempty.)

Type 1 $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow
(q_1, b_{-m} \dots b_{-1}, \emptyset, b_0 b_1 \dots b_n)$. This simulates a
very small delay $\delta > 0$ where the tokens of integer
age in $b_0$ now have a positive fractional part, but no
tokens reach an integer age.

Type 2 $(q_1, b_{-m} \dots b_{-1}, \emptyset, b_1 \dots b_n) \longrightarrow
(q_1, b_{-m} \dots b_{-2}, b_{-1}^+, b_1 \dots b_n)$. This simulates a
very small delay $\delta > 0$ in the case where there were
no tokens of integer age and the tokens in $b_{-1}$ just
reach the next higher integer age.

Type 3 $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow
(q_1, b_{-m}^+ \dots b_{-2}^+ b_{-1}^+ b_0 \dots b_k, \emptyset, b_{k+1}^+ \dots b_n^+)$ for
some $k \in \{0, \dots, n\}$. This simulates a delay in
$(1 - \delta : 1)$ where the tokens in $b_0 \dots b_k$ do not quite
reach the next higher integer and no token gets an
integer age.

Type 4 $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow
(q_1, b_{-m}^+ \dots b_{-2}^+ b_{-1}^+ b_0 \dots b_k, b_{k+1}^+, b_{k+2}^+ \dots b_n^+)$ for
some $k \in \{0, \dots, n - 1\}$. This simulates a delay in
$(1 - \delta : 1)$ where the tokens in $b_0 \dots b_k$ do not quite
reach the next higher integer and the tokens on $b_{k+1}$
just reach the next higher integer age.

Lemma 4. Let $(q, M)$ be a PTPN configuration in $\delta$-form for
some $\delta \le 1/5$ and $x \in (0 : \delta)$. There is a PTPN detailed
timed transition $(q, M) \xrightarrow{x} (q, M^{+x})$ if and only if there
is a A-PTPN abstract timed transition of type 1 or 2 s.t.
$aptpn((q, M)) \longrightarrow aptpn((q, M^{+x}))$.

Lemma 5. Let $(q, M)$ be a PTPN configuration in $\delta$-form for
some $\delta \le 1/5$ and $x \in (1 - \delta : 1)$. There is a PTPN timed
transition $(q, M) \xrightarrow{x} (q, M^{+x})$ if and only if there is a
A-PTPN transition of either type 3 or 4 s.t. $aptpn((q, M)) \longrightarrow
aptpn((q, M^{+x}))$.
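
An added Python sketch (not from the paper) of the encoding aptpn from paragraph g) and of abstract timed transitions of types 1 and 2, checked against the statement of Lemma 4 on a constructed marking. The marking, cmax = 3 and all function names are assumptions of the example; the sample contains no token of age exactly cmax, and the delay used for type 2 is the one that brings the tokens of $b_{-1}$ exactly to the next integer.

```python
from collections import Counter
from fractions import Fraction as F
from math import floor

def aptpn(M, cmax):
    """Encode a marking (list of (place, age)) as the triple (w_high, b_0, w_low)."""
    groups = {}                                   # fractional part -> multiset b_i
    for p, x in M:
        age = floor(x) if x <= cmax else cmax + 1     # ages > cmax collapse to cmax+1
        groups.setdefault(x - floor(x), Counter())[(p, age)] += 1
    b0 = groups.pop(F(0), Counter())              # tokens with integer age
    fracs = sorted(groups)                        # increasing fractional parts
    w_high = [groups[f] for f in fracs if f >= F(1, 2)]   # b_{-m} ... b_{-1}
    w_low = [groups[f] for f in fracs if f < F(1, 2)]     # b_1 ... b_n
    return w_high, b0, w_low

def in_delta_form(M, delta):
    """Every fractional part is below delta or above 1 - delta."""
    return all(x - floor(x) < delta or x - floor(x) > 1 - delta for _, x in M)

def plus(b, cmax):
    """b^+: every abstract age grows by one, saturating at cmax+1."""
    out = Counter()
    for (p, a), n in b.items():
        out[(p, min(a + 1, cmax + 1))] += n
    return out

def type1(conf):
    """Tiny delay: the tokens of b_0 get the smallest positive fractional part."""
    w_high, b0, w_low = conf
    assert b0, "type 1 needs a nonempty b_0"
    return w_high, Counter(), [b0] + w_low

def type2(conf, cmax):
    """Tiny delay with b_0 empty: the tokens in b_{-1} reach the next integer."""
    w_high, b0, w_low = conf
    assert not b0 and w_high, "type 2 needs b_0 empty and some b_{-1}"
    return w_high[:-1], plus(w_high[-1], cmax), w_low

def elapse(M, x):
    """Concrete timed transition M -> M^{+x}."""
    return [(p, a + x) for p, a in M]

# Constructed marking in delta-form for delta = 1/10, with cmax = 3.
CMAX = 3
M_SAMPLE = [("p", F(2)), ("q", F(39, 20)), ("p", F(1, 20)),
            ("q", F(101, 20)), ("p", F(37, 40))]

if __name__ == "__main__":
    m1 = elapse(M_SAMPLE, F(1, 40))      # no token reaches an integer: type 1
    print(aptpn(m1, CMAX) == type1(aptpn(M_SAMPLE, CMAX)))
    m2 = elapse(m1, F(1, 40))            # the token at 39/40 reaches 2: type 2
    print(aptpn(m2, CMAX) == type2(aptpn(m1, CMAX), CMAX))
```
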

The cost model for A-PTPN is defined as follows. For every
transition $t \in T$ we have $Cost((q_1, M_1) \longrightarrow_t (q_2, M_2)) :=
Cost(t)$, just like in PTPN. For abstract timed transitions of
types 1 and 2 we define the cost as zero. For abstract timed
transitions $(q, M_1) \longrightarrow (q, M_2)$ of types 3 and 4, we define
$Cost((q, M_1) \longrightarrow (q, M_2)) := \sum_{p \in P} |M_1(p)| * Cost(p)$ (i.e.,
as if the elapsed time had length 1). The intuition is that, as $\delta$
converges to zero, the cost of the PTPN timed transitions of
length in $(0 : \delta)$ (types 1 and 2) or in $(1 - \delta : 1)$ (types 3 and
4) converges to the cost of the corresponding abstract timed
transitions in the A-PTPN. The following Lemma 6, which
follows from Lemmas 3, 4 and 5, shows this formally.

Lemma 6.

1) Let $c_0$ be a PTPN configuration where all tokens have
integer ages. For every PTPN computation $\pi = c_0 \longrightarrow
\dots \longrightarrow c_n$ in detailed form and $\delta$-form s.t. $n * \delta \le 1/5$
there exists a corresponding A-PTPN computation $\pi' =
aptpn(c_0) \longrightarrow \dots \longrightarrow aptpn(c_n)$ s.t.

$|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c_i|) * (\max_{p \in P} Cost(p))$

2) Let $c'_0$ be a A-PTPN configuration $(\varepsilon, b_0, \varepsilon)$. For every
A-PTPN computation $\pi' = c'_0 \longrightarrow \dots \longrightarrow c'_n$ and every
$0 < \delta \le 1/5$ there exists a PTPN computation $\pi = c_0 \longrightarrow
\dots \longrightarrow c_n$ in detailed form and $\delta$-form s.t. $c'_i = aptpn(c_i)$
for $0 \le i \le n$ and

$|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c'_i|) * (\max_{p \in P} Cost(p))$

Theorem 7. The infimum of the costs in a PTPN coincides
with the infimum of the costs in the corresponding A-PTPN.

$\inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} =
\inf\{Cost(\pi') \mid aptpn(C_{init}) \xrightarrow{\pi'} aptpn(C_{fin})\}$

V. Abstracting Costs in A-PTPN 

Given an A-PTPN, the cost-threshold problem is whether
there exists a computation $aptpn(C_{init}) \xrightarrow{\pi} aptpn(C_{fin})$ s.t.
$Cost(\pi) \le v$ for a given threshold $v$.

We now reduce this question to a question about simple 
coverability in a new model called AC-PTPN. The idea is to 
encode the cost of the computation into a part of the control- 
state. For every A-PTPN and cost threshold $v \in \mathbb{N}$ there is a
corresponding AC-PTPN that is defined as follows. 

For every A-PTPN configuration
$(q, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$ there are AC-PTPN
configurations $((q, y), b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$ for all
integers $0 \le y \le v$, where $y$ represents the remaining allowed
cost of the computation. We define a finite set of functions
$ac_y$ for $0 \le y \le v$ that map A-PTPN configurations to
AC-PTPN configurations s.t. $ac_y((q, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)) =
((q, y), b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$.

For every discrete transition $t = (q_1, q_2, In, Read, Out) \in T$
with $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow_t
(q_2, c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$ in the A-PTPN, we
have instead $((q_1, y), b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow_t
((q_2, y - Cost(t)), c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$ in the
AC-PTPN for $v \ge y \ge Cost(t)$. I.e., we deduct the cost of the
transition from the remaining allowed cost of the computation.



For every A-PTPN abstract timed transition of the types
1 and 2 $(q_1, \dots) \longrightarrow (q_1, \dots)$ we have corresponding
AC-PTPN abstract timed transitions of types 1 and 2 where
$((q_1, y), \dots) \longrightarrow ((q_1, y), \dots)$ for all $0 \le y \le v$. I.e.,
infinitesimally small delays do not cost anything.

For every A-PTPN abstract timed transition
of type 3 $(q_1, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow
(q_1, b_{-m}^+ \dots b_{-2}^+ b_{-1}^+ b_0 \dots b_k, \emptyset, b_{k+1}^+ \dots b_n^+)$ we have
corresponding AC-PTPN abstract timed transitions of
type 3 where $((q_1, y), b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \longrightarrow
((q_1, y - z), b_{-m}^+ \dots b_{-2}^+ b_{-1}^+ b_0 \dots b_k, \emptyset, b_{k+1}^+ \dots b_n^+)$ where
$z = \sum_{i=-m}^{n} \sum_{p \in P} |b_i(p)| * Cost(p)$ and $v \ge y \ge z$.

Transitions of type 4 are handled analogously.

Lemma 8. There is an A-PTPN computation
$aptpn(C_{init}) \xrightarrow{\pi} aptpn(C_{fin})$ with $Cost(\pi) \le v$
iff there is a corresponding AC-PTPN computation

$ac_v(aptpn(C_{init})) \xrightarrow{\pi'} \bigcup_{0 \le y \le v} ac_y(aptpn(C_{fin}))$

Proof: Directly from the definition of AC-PTPN. ■ 
Note that, unlike A-PTPN, AC-PTPN are not monotone. 
This is because steps of type 3/4 with more tokens on 
cost-places cost more, and thus cost-constraints might block 
transitions from larger configurations. 

VI. The Abstract Coverability Problem 

We describe a general construction for solving
reachability/coverability problems under some abstract conditions.
Later we will show how this construction can be applied to 
AC-PTPN (and thus the A-PTPN and PTPN cost problems). 

A. The Generalized Valk-Jantzen Construction 

Theorem 9. (Valk & Jantzen [18]) Given an upward-closed
set $V \subseteq \mathbb{N}^k$, the finite set $V_{min}$ of minimal elements of $V$ is
effectively computable iff for any vector $\vec{u} \in \mathbb{N}^k_\omega$ the predicate
$\vec{u}\downarrow \cap V \neq \emptyset$ is decidable.

We now show a generalization of this result. 

Theorem 10. Let $(\Omega, \le)$ be a set with a decidable well-quasi-order
(wqo) $\le$, and let $V \subseteq \Omega$ be upward-closed and recursively
enumerable. Then the finite set $V_{min}$ of minimal elements of $V$
is effectively constructible if and only if for every finite subset
$X \subseteq \Omega$ it is decidable if $V \cap \overline{X\uparrow} \neq \emptyset$ (i.e., if $\exists v \in V.\ v \notin X\uparrow$).

Proof: $V_{min}$ is finite, since $\leq$ is a wqo. For the only-if part, since $X{\uparrow}$ is upward-closed, it suffices to check for each of the finitely many elements of $V_{min}$ if it is not in $X{\uparrow}$. This is possible, because $X$ is finite and $\leq$ is decidable.

For the if-part, we start with $X = \emptyset$ and keep adding elements to $X$ until $X{\uparrow} = V$. In every step we do the check if $\exists v \in V.\ v \notin X{\uparrow}$. If no, we stop. If yes, we enumerate $V$ and check for every element $v$ if $v \notin X{\uparrow}$ (this is possible since $X$ is finite and $\leq$ decidable). Eventually, we will find such a $v$, add it to the set $X$, and do the next step. Consider the sequence of elements $v_1, v_2, \dots$ which are added to $X$ in this way. By our construction $v_j \not\geq v_i$ for $j > i$. Thus the sequence is finite, because $\leq$ is a wqo. Therefore the algorithm terminates and the final set $X$ satisfies $\nexists v \in V.\ v \notin X{\uparrow}$, i.e., $V \subseteq X{\uparrow}$. Furthermore, by our construction $X \subseteq V$ and thus $X{\uparrow} \subseteq V{\uparrow} = V$. Thus $X{\uparrow} = V$. Finally, we remove all non-minimal elements from $X$ (this is possible since $X$ is finite and $\leq$ decidable) and obtain $V_{min}$. ■
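The if-direction of this proof, written out as an added Python example (not code from the paper) for $\Omega = \mathbb{N}^k$ with the componentwise order. The sample set V, the enumeration order, and the bounded-box oracle are assumptions of the example: the oracle is only correct when every minimal element of V has all coordinates at most `bound`.

```python
"""If-direction of Theorem 10 on Omega = N^k with the componentwise order."""
from itertools import count, product


def leq(u, v):
    """Componentwise order on N^k; a decidable wqo by Dickson's lemma."""
    return all(a <= b for a, b in zip(u, v))


def in_up(v, X):
    """True iff v lies in the upward closure of the finite set X."""
    return any(leq(x, v) for x in X)


def enumerate_shells(k):
    """Fair enumeration of N^k by max-norm shells, largest vectors first
    inside each shell. The order is deliberately unhelpful, so that
    non-minimal elements of V get added to X and must be pruned later."""
    for r in count():
        for v in product(range(r, -1, -1), repeat=k):
            if max(v) == r:
                yield v


def make_oracle(in_V, k, bound):
    """Decision procedure for 'exists v in V with v not in X-up'.
    Assumption of this example: all minimal elements of V lie in the box
    [0, bound]^k, so V meets the complement of X-up iff it does inside the box."""
    def exists_outside(X):
        return any(in_V(v) and not in_up(v, X)
                   for v in product(range(bound + 1), repeat=k))
    return exists_outside


def minimal_elements(in_V, k, exists_outside):
    """Returns (elements in the order they were added to X, sorted V_min)."""
    X = []
    while exists_outside(X):            # the check: exists v in V, v not in X-up
        for v in enumerate_shells(k):   # enumerate V until such a v shows up
            if in_V(v) and not in_up(v, X):
                X.append(v)
                break
    # Final step of the proof: drop every element that has a strictly
    # smaller element in X.
    v_min = [x for x in X
             if not any(leq(y, x) and not leq(x, y) for y in X)]
    return X, sorted(v_min)


def sample_in_V(v):
    """Constructed sample: V = {(x, y) | x + 2y >= 4}, upward-closed in N^2."""
    return v[0] + 2 * v[1] >= 4


if __name__ == "__main__":
    oracle = make_oracle(sample_in_V, 2, bound=4)
    added, v_min = minimal_elements(sample_in_V, 2, oracle)
    print("added to X:", added)
    print("V_min:     ", v_min)
```

Each element added to X is not above any earlier one, which is exactly the property the wqo argument uses for termination; the elements (2, 2) and (1, 2) are added first and removed in the final pruning step.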

Corollary 11. Let $\Sigma$ be a finite alphabet and $V \subseteq \Sigma^*$ a recursively enumerable set that is upward-closed w.r.t. the substring ordering $\leq$. The following three properties are equivalent.

1) The finite set $V_{min}$ of minimal elements of $V$ is effectively constructible.

2) For every finite subset $X \subseteq \Sigma^*$ it is decidable if $\exists v \in V.\ v \notin X{\uparrow}$.

3) For every regular language $R \subseteq \Sigma^*$ it is decidable if $R \cap V = \emptyset$.

Proof: By Higman's Lemma [20], the substring order $\leq$ is a wqo on $\Sigma^*$ and thus $V_{min}$ is finite. Therefore the equivalence of (1) and (2) follows from Theorem 10. Property (1) implies that $V$ is an effectively constructible regular language, which implies property (3). Property (2) is equivalent to checking whether $V \cap \overline{X{\uparrow}} \neq \emptyset$ and $\overline{X{\uparrow}}$ is effectively regular because $X$ is finite. Therefore, (3) implies (2) and thus (1). ■
Note that Theorem 10 (and even Corollary 11 via an encoding of vectors into strings) imply Theorem 9.

B. The Abstract Phase Construction 

We define some sufficient abstract conditions on infinite- 
state transition systems under which a general reachabil- 
ity/coverability problem is decidable. Intuitively, we have 
two different types of transition relations. The first relation 
is monotone (w.r.t. a given quasi-order) on the whole state 
space, while the second relation is only defined/enabled on 
an upward-closed subspace. The quasi-order is not a well 
quasi-order on the entire space, but only on the subspace. In 
particular, this is not a well-quasi-ordered transition system in 
the sense of fl6l . ifTTI . but more general. 

We call the following algorithm the abstract phase construc- 
tion, because we divide sequences of transitions into phases, 
separated by occurrences of transitions of the second kind. 

Definition 1. We say that a structure $(S, C, \leq, \to, \to_A, \to_B, \mathit{init}, F)$ satisfies the abstract phase construction requirements iff the following conditions hold.

1. $S$ is a (possibly infinite) set of states, $C \subseteq S$ is a finite subset, $\mathit{init} \in S$ is the initial state and $F \subseteq S$ is a (possibly infinite) set of final states.

2. $\leq$ is a decidable quasi-order on $S$. Moreover, $\leq$ is a well-quasi-order on the subset $C{\uparrow}$ (where $C{\uparrow} = \{s \in S \mid \exists c \in C.\ s \geq c\}$).

3. $\to \ = \ \to_A \cup \to_B$

4. $\to_A \subseteq S \times S$ is a monotone (w.r.t. $\leq$) transition relation on $S$.

5.a $\to_B \subseteq C{\uparrow} \times C{\uparrow}$ is a monotone (w.r.t. $\leq$) transition relation on $C{\uparrow}$.

5.b For every finite set $X \subseteq C{\uparrow}$ we have that the finitely many minimal elements of the upward-closed set $\mathit{Pre}_{\to_B}(X{\uparrow})$ are effectively constructible.

6.a $\mathit{Pre}^*_{\to_A}(F)$ is upward-closed and decidable.

6.b The finitely many minimal elements of $\mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$ are effectively constructible.

7.a For any finite set $U \subseteq C{\uparrow}$, the set $\mathit{Pre}^*_{\to_A}(U{\uparrow})$ is decidable.

7.b For any finite sets $U, X \subseteq C{\uparrow}$, it is decidable if $\overline{X{\uparrow}} \cap \mathit{Pre}^*_{\to_A}(U{\uparrow}) \cap C{\uparrow} \neq \emptyset$. (In other words, it is decidable if $\exists z \in (\overline{X{\uparrow}} \cap C{\uparrow}).\ z \to^*_A U{\uparrow}$.)

(Note that $\mathit{Pre}^*_{\to_A}(U{\uparrow})$ is not necessarily constructible, because $\leq$ is not a well-quasi-order on $S$. Note also that $F$ is not necessarily upward-closed.)

Theorem 12. If $(S, C, \leq, \to, \to_A, \to_B, \mathit{init}, F)$ satisfies the abstract phase construction requirements of Def. 1 then the problem $\mathit{init} \to^* F$ is decidable.

Proof: By Def. 1 (cond. 3), we have $\mathit{init} \to^* F$ iff (1) $\mathit{init} \to^*_A F$, or (2) $\mathit{init} \to^*_A (\to_B \to^*_A)^+ F$.

Condition (1) can be checked directly, by Def. 1 (cond. 6.a). In order to check condition (2), we first construct a sequence of minimal finite sets $U_k \subseteq C{\uparrow}$ for $k = 1, 2, \dots$ such that $U_k{\uparrow} = \{s \in S \mid \exists j : 1 \leq j \leq k.\ s\,(\to_B \to^*_A)^j\,F\}$ and show that this sequence converges.

First we construct the minimal finite set $U'_1 \subseteq C{\uparrow}$ s.t. $U'_1{\uparrow} = \mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$. This is possible by conditions 6.a and 6.b of Def. 1. Then we construct the minimal finite set $U_1 \subseteq C{\uparrow}$ s.t. $U_1{\uparrow} = \mathit{Pre}_{\to_B}(U'_1{\uparrow})$. This is possible by conditions 5.a and 5.b of Def. 1. For $k = 1, 2, \dots$ we repeat the following steps.

• Given the finite set $U_k \subseteq C{\uparrow}$, we construct the minimal finite set $U'_{k+1} \subseteq C{\uparrow}$ s.t. $U'_{k+1}{\uparrow} = \mathit{Pre}^*_{\to_A}(U_k{\uparrow}) \cap C{\uparrow}$. This is possible because of Theorem 10, which we instantiate as follows. Let $\Omega = C{\uparrow}$ and $V = \mathit{Pre}^*_{\to_A}(U_k{\uparrow}) \cap C{\uparrow}$. Using the conditions from Def. 1 we have the following: By condition 2, $\leq$ is a decidable well-quasi-order on $C{\uparrow}$. By condition 4, $V = \mathit{Pre}^*_{\to_A}(U_k{\uparrow}) \cap C{\uparrow}$ is upward-closed, since $\to_A$ is monotone. By conditions 7.a and 2, $V$ is decidable, and by condition 7.b the question $\overline{X{\uparrow}} \cap V \neq \emptyset$ is decidable. Thus, by Theorem 10 the finitely many minimal elements of $V$, i.e., the set $U'_{k+1}$, are effectively constructible.

• Given $U'_{k+1}$, we construct the minimal finite set $U''_{k+1} \subseteq C{\uparrow}$ s.t. $U''_{k+1}{\uparrow} = \mathit{Pre}_{\to_B}(U'_{k+1}{\uparrow})$. This is possible by conditions 5.a and 5.b of Def. 1.

Then let $U_{k+1}$ be the finite set of minimal elements of $U''_{k+1} \cup U_k$.

The sequence $U_1{\uparrow}, U_2{\uparrow}, \dots$ is a monotone-increasing sequence of upward-closed subsets of $C{\uparrow}$, where $U_k$ is the finite set of minimal elements of $U_k{\uparrow}$. This sequence converges, because $\leq$ is a well-quasi-order on $C{\uparrow}$ by condition 2 of Def. 1. Therefore, we get $U_n = U_{n+1}$ for some finite index $n$ and $U_n{\uparrow} = \{s \in S \mid s\,(\to_B \to^*_A)^+\,F\}$, because transition $\to_B$ is only enabled in $C{\uparrow}$ by Def. 1 (cond. 5.a).

Finally, by Def. 1 (cond. 7.a) we can do the final check whether $\mathit{init} \in \mathit{Pre}^*_{\to_A}(U_n{\uparrow})$ and thus decide condition (2). ■

In the following section we use Theorem 12 to solve the optimal cost problem for PTPN. However, it also has many other applications, when used with different instantiations.

Remark 1. Theorem 12 can be used to obtain a simple proof of decidability of the coverability problem for Petri nets with one inhibitor arc. Normal Petri net transitions are described by $\to_A$, while the inhibited transition is described by $\to_B$. (This uses the decidability of the normal Petri net reachability problem [21] to prove conditions 7.a and 7.b).

A different instantiation could be used to show the decidability of the reachability problem for generalized classes of lossy FIFO-channel systems, where, e.g., an extra type of transition $\to_B$ is only enabled when some particular channel is empty.

VII. The Main Result 

Here we state the main computability result of the paper. Its 
proof refers to several auxiliary lemmas that will be shown in 
the following sections. 

Theorem 13. Consider a PTPN $\mathcal{N} = (Q, P, T, \mathit{Cost})$ with initial configuration $C_{init} = (q_{init}, [])$ and set of final configurations $C_{fin} = \{(q_{fin}, M) \mid M \in (P \times \mathbb{R}_{\geq 0})^{\odot}\}$. Then $\mathit{OptCost}(C_{init}, C_{fin})$ is computable.

Proof: $\mathit{OptCost}(C_{init}, C_{fin}) = \inf\{\mathit{Cost}(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = \inf\{\mathit{Cost}(\pi') \mid \mathit{aptpn}(C_{init}) \xrightarrow{\pi'} \mathit{aptpn}(C_{fin})\}$, by Theorem 7. Thus it suffices to consider the computations $\mathit{aptpn}(C_{init}) \xrightarrow{\pi'} \mathit{aptpn}(C_{fin})$ of the corresponding A-PTPN. In particular, $\mathit{OptCost}(C_{init}, C_{fin}) \in \mathbb{N}$.

To compute this value, it suffices to solve the cost-threshold problem for any given threshold $v \in \mathbb{N}$, i.e., to decide if $\mathit{aptpn}(C_{init}) \xrightarrow{\pi} \mathit{aptpn}(C_{fin})$ for some $\pi$ with $\mathit{Cost}(\pi) \leq v$.

To show this, we first decide if $\mathit{aptpn}(C_{init}) \xrightarrow{\pi} \mathit{aptpn}(C_{fin})$ for any $\pi$ (i.e., reachability). This can be reduced to the cost-threshold problem by setting all place and transition costs to zero and solving the cost-threshold problem for $v = 0$. If no, then no final state is reachable and we represent this by $\inf\{\mathit{Cost}(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = \infty$. If yes, then we can find the optimal cost $v$ by solving the cost-threshold problem for threshold $v = 0, 1, 2, 3, \dots$ until the answer is yes.

Now we show how to solve the cost-threshold problem. By Lemma 8, this question is equivalent to a reachability problem $ac_v(\mathit{aptpn}(C_{init})) \xrightarrow{*} \bigcup_{0 \leq y \leq v} ac_y(\mathit{aptpn}(C_{fin}))$ in the corresponding AC-PTPN. This reachability problem is decidable by Lemma 16. ■
Before showing the auxiliary lemmas, we give a lower bound on the cost-threshold problem.

Theorem 14. Consider a PTPN $\mathcal{N} = (Q, P, T, \mathit{Cost})$ with initial configuration $C_{init} = (q_{init}, [])$ and set of final states $C_{fin} = \{(q_{fin}, M) \mid M \in (P \times \mathbb{R}_{\geq 0})^{\odot}\}$. Then the question if $\mathit{OptCost}(C_{init}, C_{fin}) = 0$ is at least as hard as the reachability problem for Petri nets with one inhibitor arc.

Theorem 14 implies that $\mathit{OptCost}(C_{init}, C_{fin}) = 0$ is at least as hard as the reachability problem for standard Petri nets and thus EXPSPACE-hard [22].

To prove Lemma 16, we need some auxiliary definitions.



Definition 2. We define the partial order $\leq^f$ on AC-PTPN configurations. Given two AC-PTPN configurations $\beta = (q_\beta, (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n))$ and $\gamma = (q_\gamma, (c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'}))$ we have $\beta \leq^f \gamma$ iff $q_\beta = q_\gamma$ and there exists a strictly monotone function $f : \{-m, \dots, n\} \to \{-m', \dots, n'\}$ where $f(0) = 0$ s.t.

1) $c_{f(i)} - b_i \in (P_f \times [cmax + 1])^{\odot}$, for $-m \leq i \leq n$.

2) $c_j \in (P_f \times [cmax + 1])^{\odot}$, if $\nexists i \in \{-m, \dots, n\}.\ f(i) = j$.

(Intuitively, $\gamma$ is obtained from $\beta$ by adding tokens on free-places, while the tokens on cost-places are unchanged.) In this case, if $\alpha = (q_\beta, (c_{-m'} - b_{f^{-1}(-m')}, \dots, c_{-1} - b_{f^{-1}(-1)}, c_0 - b_0, c_1 - b_{f^{-1}(1)}, \dots, c_{n'} - b_{f^{-1}(n')}))$ then we write $\alpha \oplus \beta = \gamma$. (Note that $\alpha$ is not uniquely defined, because it depends on the choice of the function $f$. However one such $\alpha$ always exists and only contains tokens on $P_f$.)

The partial order $\leq^c$ on configurations of AC-PTPN is defined analogously with $P_c$ instead of $P_f$, i.e., $\gamma$ is obtained from $\beta$ by adding tokens on cost-places.

The partial order $\leq^{fc}$ on configurations of AC-PTPN is defined analogously with $P$ instead of $P_f$, i.e., $\gamma$ is obtained from $\beta$ by adding tokens on any places, and $\leq^{fc} \ = \ \leq^c \cup \leq^f$.

Lemma 15. $\leq^f$, $\leq^c$ and $\leq^{fc}$ are decidable quasi-orders on the set of all AC-PTPN configurations.

For every AC-PTPN configuration $c$, $\leq^f$ is a well-quasi-order on the set $\{c\}{\uparrow} = \{s \mid c \leq^f s\}$ (i.e., here $\uparrow$ denotes the upward-closure w.r.t. $\leq^f$).

$\leq^{fc}$ is a well-quasi-order on the set of all AC-PTPN configurations.

Lemma 16. Given an instance of the PTPN cost problem and a given threshold $v \in \mathbb{N}$, the reachability question $ac_v(\mathit{aptpn}(C_{init})) \xrightarrow{*} \bigcup_{0 \leq y \leq v} ac_y(\mathit{aptpn}(C_{fin}))$ in the corresponding AC-PTPN is decidable.

Proof: We instantiate a structure $(S, C, \leq, \to, \to_A, \to_B, \mathit{init}, F)$, show that it satisfies the requirements of Def. 1 and then apply Theorem 12.

Let $S$ be the set of all AC-PTPN configurations of the form $((q, y), b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$ where $y \leq v$.

Let $C$ be the set of all AC-PTPN configurations of the form $((q, y), b_{-m'} \dots b_{-1}, b_0, b_1 \dots b_{n'})$ where $y \leq v$, and $b_i \in (P_c \times [cmax + 1])^{\odot}$ and $\sum_{i=-m'}^{n'} |b_i| \leq v$. In other words, the configurations in $C$ only contain tokens on cost-places and the size of these configurations is limited by $v$. $C$ is finite, because $P_c$, $cmax$ and $v$ are finite.

Let $\leq \ := \ \leq^f$ of Def. 2, i.e., in this proof $\uparrow$ denotes the upward-closure w.r.t. $\leq^f$. By Lemma 15, $\leq$ is decidable, $\leq$ is a quasi-order on $S$, and $\leq$ is a well-quasi-order on $\{c\}{\uparrow}$ for every AC-PTPN configuration $c$. Therefore $\leq$ is a well-quasi-order on $C{\uparrow}$, because $C$ is finite.

Let $\mathit{init} := ac_v(\mathit{aptpn}(C_{init}))$ and $F := \bigcup_{0 \leq y \leq v} ac_y(\mathit{aptpn}(C_{fin}))$. In particular, $F$ is upward-closed w.r.t. $\leq^f$ and w.r.t. $\leq^{fc}$. Thus conditions 1 and 2 of Def. 1 are satisfied.

Let $\to_A$ be the transition relation induced by the discrete AC-PTPN transitions and the abstract timed AC-PTPN transitions of types 1 and 2. These are monotone w.r.t. $\leq^f$. Thus condition 4 of Def. 1 is satisfied.

Let $\to_B$ be the transition relation induced by abstract timed AC-PTPN transitions of types 3 and 4. These are monotone w.r.t. $\leq^f$, but only enabled in $C{\uparrow}$, because otherwise the cost would be too high. (Remember that every AC-PTPN configuration stores the remaining allowed cost, which must be non-negative.) Moreover, timed AC-PTPN transitions of types 3 and 4 do not change the number or type of the tokens in a configuration, and thus $\to_B \subseteq C{\uparrow} \times C{\uparrow}$. So we have condition 5.a of Def. 1. Condition 5.b is satisfied, because there are only finitely many token ages $\leq cmax$ and the number and type of tokens is unchanged.

Condition 3 is satisfied, because $\to \ = \ \to_A \cup \to_B$ by the definition of AC-PTPN.

Now we show the conditions 6.a and 6.b. $F$ is upward-closed w.r.t. $\leq^{fc}$ and $\to_A$ is monotone w.r.t. $\leq^{fc}$ (not only w.r.t. $\leq^f$). By Lemma 15, $\leq^{fc}$ is a decidable wqo on the set of AC-PTPN configurations. Therefore, $\mathit{Pre}^*_{\to_A}(F)$ is upward-closed w.r.t. $\leq^{fc}$ and effectively constructible (i.e., its finitely many minimal elements w.r.t. $\leq^{fc}$), because the sequence $\mathit{Pre}^{\leq i}_{\to_A}(F)$ for $i = 1, 2, \dots$ converges. Let $K$ be this finite set of minimal (w.r.t. $\leq^{fc}$) elements of $\mathit{Pre}^*_{\to_A}(F)$. We obtain condition 6.a, because $K$ is finite and $\leq^{fc}$ is decidable. Moreover, $\mathit{Pre}^*_{\to_A}(F)$ is also upward-closed w.r.t. $\leq^f$. The set $C$ is a finite set of AC-PTPN configurations and $C{\uparrow}$ is the upward-closure of $C$ w.r.t. $\leq^f$. Therefore $\mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$ is upward closed w.r.t. $\leq^f$. Now we show how to construct the finitely many minimal (w.r.t. $\leq^f$) elements of $\mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$. For every $k \in K$ let $\alpha(k) := \{k' \mid k' \in C{\uparrow}, k \leq^c k'\}$, i.e., those configurations which have the right control-state for $C{\uparrow}$, but whose number of tokens on cost-places is bounded by $v$, and who are larger (w.r.t. $\leq^c$) than some base element in $K$. In particular, $\alpha(k)$ is finite and constructible, because $v$ is finite, and $\leq^c$ and $\leq^f$ are decidable. Note that $\alpha(k)$ can be empty (if $k$ has the wrong control-state or too many tokens on cost-places). Let $K' := \bigcup_{k \in K} \alpha(k)$, which is finite and constructible. We show that $\mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow} = K'{\uparrow}$. Consider the first inclusion. If $x \in K'{\uparrow}$ then $\exists k' \in K', k \in K.\ k \leq^c k' \leq^f x$, $k' \in C{\uparrow}$. Therefore $k \leq^{fc} x$ and $x \in \mathit{Pre}^*_{\to_A}(F)$. Also $k' \in C{\uparrow}$ and $k' \leq^f x$ and thus $x \in C{\uparrow}$. Now we consider the other inclusion. If $x \in \mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$ then there is a $k \in K$ s.t. $k \leq^{fc} x$. Moreover, the number of tokens on cost-places in $x$ is bounded by $v$ and the control-state is of the form required by $C{\uparrow}$, because $x \in C{\uparrow}$. Since $k \leq^{fc} x$, the same holds for $k$ and thus there is some $k' \in \alpha(k)$ s.t. $k' \leq^f x$. Therefore $x \in K'{\uparrow}$. To summarize, $K'$ is the finite set of minimal (w.r.t. $\leq^f$) elements of $\mathit{Pre}^*_{\to_A}(F) \cap C{\uparrow}$ and thus condition 6.b holds.

Conditions 7.a and 7.b are satisfied by Lemma 20. Therefore, Theorem 12 yields the decidability of the reachability problem $\mathit{init} \to^* F$, i.e., $ac_v(\mathit{aptpn}(C_{init})) \xrightarrow{*} \bigcup_{0 \leq y \leq v} ac_y(\mathit{aptpn}(C_{fin}))$. ■

Lemma 20 will be shown in Section IX. Its proof uses the simultaneous-disjoint transfer nets of Section VIII.



VIII. Simultaneous-Disjoint-Transfer Nets 

Simultaneous-disjoint-transfer nets (SD-TN) [10] are a subclass of transfer nets [23]. SD-TN subsume ordinary Petri nets. A SD-TN $N$ is described by a tuple $(Q, P, T, \mathit{Trans})$.

• $Q$ is a finite set of control-states

• $P$ is a finite set of places

• $T$ is a finite set of ordinary transitions. Every transition $t \in T$ has the form $t = (q_1, q_2, I, O)$ where $q_1, q_2 \in Q$ and $I, O \in P^{\odot}$.

• $\mathit{Trans}$ describes the set of simultaneous-disjoint transfer transitions. Although these transitions can have different control-states and input/output places, they all share the same transfer (thus the 'simultaneous'). The transfer is described by the relation $ST \subseteq P \times P$, which is global for the SD-TN $N$. Intuitively, for $(p, p') \in ST$, in a transfer every token in $p$ is moved to $p'$. The transfer transitions in $\mathit{Trans}$ have the form $(q_1, q_2, I, O, ST)$ where $q_1, q_2 \in Q$ are the source and target control-state, $I, O \in P^{\odot}$ are like in a normal Petri net transition, and $ST \subseteq P \times P$ is the same global transfer relation for all these transitions. For every transfer transition $(q_1, q_2, I, O, ST)$ the following 'disjointness' restrictions must be satisfied:

  - Let $(sr, tg), (sr', tg') \in ST$. Then either $(sr, tg) = (sr', tg')$ or $|\{sr, sr', tg, tg'\}| = 4$. Furthermore, $\{sr, tg\} \cap (I \cup O) = \emptyset$.

Let $(q, M) \in Q \times P^{\odot}$ be a configuration of $N$. The firing of normal transitions $t \in T$ is defined just as for ordinary Petri nets. A transition $t = (q_1, q_2, I, O) \in T$ is enabled at configuration $(q, M)$ iff $q = q_1$ and $M \geq I$. Firing $t$ yields the new configuration $(q_2, M')$ where $M' = M - I + O$.

A transfer transition $(q_1, q_2, I, O, ST) \in \mathit{Trans}$ is enabled at $(q, M)$ iff $q = q_1$ and $M \geq I$. Firing it yields the new configuration $(q_2, M')$ where

$$M'(p) = \begin{cases} M(p) - I(p) + O(p) & \text{if } p \in I \cup O \\ 0 & \text{if } \exists p'.\ (p, p') \in ST \\ M(p) + M(p') & \text{if } (p', p) \in ST \\ M(p) & \text{otherwise} \end{cases}$$

The restrictions above ensure that these cases are disjoint. Note that after firing a transfer transition all source places of transfers are empty, since, by the restrictions defined above, a place that is a source of a transfer can neither be the target of another transfer, nor receive any tokens from the output of this transfer transition.
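The firing rule and the disjointness restrictions above, as an added Python sketch (not code from the paper). Markings and the multisets I, O are dicts from place names to positive counts; the place names, the sample transition, and the rejection of a pair with sr = tg (needed so that the four cases really are disjoint) are assumptions of this example.

```python
def check_disjointness(ST, I, O):
    """Restrictions on a transfer transition: two distinct transfer pairs
    share no place, and no transfer place occurs in I or O."""
    pairs = sorted(set(ST))
    io_places = set(I) | set(O)
    for idx, (sr, tg) in enumerate(pairs):
        if sr == tg:                      # assumption of this example
            return False
        if {sr, tg} & io_places:          # {sr, tg} must not meet I u O
            return False
        for sr2, tg2 in pairs[idx + 1:]:
            if len({sr, sr2, tg, tg2}) != 4:
                return False
    return True


def enabled(config, transition):
    """Enabled iff the control-state matches and M >= I."""
    q, M = config
    q1, I = transition[0], transition[2]
    return q == q1 and all(M.get(p, 0) >= n for p, n in I.items())


def fire_ordinary(config, t):
    """Ordinary Petri net step: M' = M - I + O. Returns None if not enabled."""
    if not enabled(config, t):
        return None
    _, M = config
    _, q2, I, O = t
    places = set(M) | set(I) | set(O)
    M2 = {p: M.get(p, 0) - I.get(p, 0) + O.get(p, 0) for p in places}
    return q2, {p: n for p, n in M2.items() if n}


def fire_transfer(config, t):
    """Simultaneous-disjoint transfer step, following the four cases of the
    definition. Returns None if the transition is not enabled."""
    _, q2, I, O, ST = t
    if not check_disjointness(ST, I, O):
        raise ValueError("transfer relation violates the disjointness restrictions")
    if not enabled(config, t):
        return None
    _, M = config
    source_of = {tg: sr for sr, tg in ST}     # target place -> its source
    sources = {sr for sr, _ in ST}
    M2 = {}
    for p in set(M) | set(I) | set(O) | sources | set(source_of):
        if p in I or p in O:
            n = M.get(p, 0) - I.get(p, 0) + O.get(p, 0)
        elif p in sources:
            n = 0                             # every token leaves a source place
        elif p in source_of:
            n = M.get(p, 0) + M.get(source_of[p], 0)
        else:
            n = M.get(p, 0)
        if n:
            M2[p] = n
    return q2, M2


# Constructed sample: transfers a -> b and c -> d, consuming one token from e
# and producing two tokens on f.
SAMPLE_ST = {("a", "b"), ("c", "d")}
SAMPLE_TRANSFER = ("q1", "q2", {"e": 1}, {"f": 2}, SAMPLE_ST)
SAMPLE_CONFIG = ("q1", {"a": 3, "b": 1, "c": 2, "e": 1, "g": 5})

if __name__ == "__main__":
    print(fire_transfer(SAMPLE_CONFIG, SAMPLE_TRANSFER))
```

After the step the source places a and c are empty, which is the property the text points out: emptiness of a place is enforced by the transfer itself rather than tested.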

Theorem 17. The reachability problem for SD-TN is decid- 
able, and has the same complexity as the reachability problem 
for Petri nets with one inhibitor arc. 

IX. Encoding AC-PTPN Computations by SD-TN 

In this section, we fix an AC-PTPN $\mathcal{N}$, described by the tuple $(Q, P, T, \mathit{Cost})$ and the cost-threshold $v$. We use the partial order $\leq \ := \ \leq^f$ on AC-PTPN configurations; see Def. 2. We describe an encoding of the configurations of $\mathcal{N}$ as words over some alphabet $\Sigma$. We define $\Sigma := (P \times [cmax + 1]) \cup (Q \times \{y \mid 0 \leq y \leq v\}) \cup \{\#, \$\}$, i.e., the members of $\Sigma$ are elements of $P \times [cmax + 1]$, the control-states of $\mathcal{N}$, and the two "separator" symbols $\#$ and $\$$. For a multiset $b = [a_1, \dots, a_n] \in (P \times [cmax + 1])^{\odot}$, we define the encoding $\mathit{enc}(b)$ to be the word $a_1 \cdots a_n \in (P \times [cmax + 1])^*$. For a word $w = b_1 \cdots b_n \in ((P \times [cmax + 1])^{\odot})^*$, we define $\mathit{enc}(w) := \mathit{enc}(b_n) \# \cdots \# \mathit{enc}(b_1)$, i.e., it consists of the reverse concatenation of the encodings of the individual multisets, separated by $\#$. For a marking $M = (w_1, b, w_2)$, we define $\mathit{enc}(M) := \mathit{enc}(w_2) \,\$\, \mathit{enc}(b) \,\$\, \mathit{enc}(w_1)$. In other words, we concatenate the encoding of the components in reverse order: first $w_2$ then $b$ and finally $w_1$, separated by $\$$. Finally for a configuration $c = ((q, y), M)$, we define $\mathit{enc}(c) := (q, y)\, \mathit{enc}(M)$, i.e., we append the pair $(q, y)$ in front of the encoding of $M$. We call a finite automaton $A$ over $\Sigma$ a configuration-automaton if whenever $w \in L(A)$ then $w = \mathit{enc}(c)$ for some AC-PTPN configuration $c$.

Lemma 18. Given a finite set $C$ of AC-PTPN configurations, we can construct a configuration-automaton $A$ s.t. $L(A) = \mathit{enc}(C{\uparrow})$.

Lemma 19. We can construct a configuration-automaton $A$ s.t. $L(A) = \mathit{enc}(S)$, where $S$ is the set of all configurations of a given AC-PTPN.

Lemma 20. Consider an instance of the PTPN cost problem, a given threshold $v \in \mathbb{N}$, and a structure $(S, C, \leq, \to, \to_A, \to_B, \mathit{init}, F)$, instantiated as in Lemma 16.

Then conditions 7.a and 7.b of Def. 1 are decidable.

Proof:

7.a Consider a configuration $c$. We can trivially construct a configuration-automaton $A$ s.t. $L(A) = \{\mathit{enc}(c)\}$. Thus the question $c \in \mathit{Pre}^*_{\to_A}(U{\uparrow})$ can be decided by applying Lemma 21 to $A$ and $U$.

7.b Consider finite sets of AC-PTPN configurations $U, X \subseteq C{\uparrow}$. By Lemma 18, we can construct configuration-automata $A_1, A_2$ with $L(A_1) = \mathit{enc}(X{\uparrow})$ and $L(A_2) = \mathit{enc}(C{\uparrow})$. Furthermore, by Lemma 19, we can construct a configuration-automaton $A_3$ with $L(A_3) = \mathit{enc}(S)$. Therefore, by elementary operations on finite automata, we can construct a configuration-automaton $A_4$ with $L(A_4) = \overline{L(A_1)} \cap L(A_3) \cap L(A_2)$, and we obtain that $L(A_4) = \mathit{enc}(\overline{X{\uparrow}} \cap C{\uparrow})$. Note that the complement operation on words is not the same as the complement operation on the set of AC-PTPN configurations. Thus the need for intersection with $A_3$. The question $\exists z \in (\overline{X{\uparrow}} \cap C{\uparrow}).\ z \to^*_A U{\uparrow}$ of 7.b can be decided by applying Lemma 21 to $A_4$ and $U$. ■

Lemma 21. Given a configuration-automaton $A$, $C$ as in Lemma 16 and a finite set $U \subseteq C{\uparrow}$, it is decidable if there exists some AC-PTPN configuration $c_{init} \in \mathit{enc}^{-1}(L(A))$ s.t. $c_{init} \to^*_A U{\uparrow}$.

Proof: (Sketch) The idea is to translate the AC-PTPN into an SD-TN which simulates its computation. The automaton $A$ is also encoded into the SD-TN and runs in parallel. $A$ outputs an encoding of $c_{init}$, a nondeterministically chosen initial AC-PTPN configuration from $L(A)$. Since the SD-TN cannot encode sequences, it cannot store the order information in the sequences which are AC-PTPN configurations. Instead this is encoded into the behavior of $A$, which outputs parts of the configuration $c_{init}$ 'just-in-time' before they are used in the computation (with exceptions; see below). Several abstractions are used to unify groups of tokens with different fractional parts, whenever the PTPN is unable to distinguish them. AC-PTPN timed transitions of types 1 and 2 are encoded as SD-TN transfer transitions, e.g., all tokens with integer age advance to an age with a small fractional part. Since this operation must affect all tokens, it cannot be done by ordinary Petri net transitions, but requires the simultaneous-disjoint transfer of SD-TN. Another complication is that the computation of the AC-PTPN might use tokens (with high fractional part) from $c_{init}$, which the automaton $A$ has not yet produced. This is handled by encoding a 'debt' on future outputs of $A$ in special SD-TN places. These debts can later be 'paid back' by outputs of $A$ (but not by tokens created during the computation). At the end, the computation must reach an encoding of a configuration in $U{\uparrow}$ and all debts must be paid. This yields a reduction to a reachability problem for the constructed SD-TN, which is decidable by Theorem 17. ■

X. Conclusion and Extensions 

We have shown that the infimum of the costs to reach a given control-state is computable in priced timed Petri nets with continuous time. This subsumes the corresponding results for less expressive models such as priced timed automata [14] and priced discrete-timed Petri nets [15].

For simplicity of presentation, we have used a one-dimensional cost model, i.e., with a cost $\in \mathbb{R}_{\geq 0}$, but our result on decidability of the Cost-Threshold problem can trivially be generalized to a multidimensional cost model (provided that the cost is linear in the elapsed time). However, in a multidimensional cost model, the Cost-Optimality problem is not defined, because the infimum of the costs does not exist, due to trade-offs between different components. E.g., one can construct a PTPN (and even a priced timed automaton) with a 2-dimensional cost where the feasible costs are $\{(x, 1 - x) \mid x \in \mathbb{R}_{\geq 0}, 0 \leq x \leq 1\}$, i.e., with uncountably many incomparable values.

Another simple generalization is to make token storage costs on places dependent on the current control-state, e.g., storing one token on place $p$ for one time unit costs 2 if in control-state $q_1$, but 3 if in control-state $q_2$. Our constructions can trivially be extended to handle this.

Other extensions are much harder. If the token storage costs 
are not linear in the elapsed time then the infimum of the costs 
is not necessarily an integer and our abstraction to A-PTPN 
would not work. It is an open question how to compute optimal 
costs in such cases. 

Finally, some extensions make the cost-problems undecid- 
able. If one considers the reachability problem (instead of 
our control-state reachability problem) then the question is 
undecidable for TPN Q, even without considering costs. If 
one allows negative costs (i.e., rewards) in the model then all cost-problems (even control-state reachability/coverability) become undecidable, even for discrete-time PTPN [15].
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Appendix 

Appendix A. Example

Fig. 1. A simple example of a PTPN.

Figure 1 shows a simple PTPN. We will use this PTPN to give examples of some of the concepts that we have introduced in the paper.

a) Places and Transitions: The PTPN has two control states ($q_1$ and $q_2$) depicted as dark-colored circles, three places ($p_1$, $p_2$, $p_3$) depicted as light-colored circles, and two transitions ($t_1$ and $t_2$) depicted as rectangles. Source/target control states, input/output places are indicated by arrows to the relevant transition. Read places are indicated by double headed arrows. The source and target control states of $t_1$ are $q_1$ resp. $q_2$. The input, read resp. output arcs of $t_1$ are given by the multisets $[(p_1, (0, 3])]$, $[]$ resp. $[(p_2, [1, 5)), (p_3, (2, \infty))]$. In a similar manner, $t_2$ is defined by the tuple $(q_2, q_1, [(p_3, [1, 4))], [(p_2, [2, 2])], [(p_1, [0, \infty))])$. The prices of $t_1, t_2, p_1, p_2, p_3$ are 1, 3, 3, 2, 0 respectively.

The value of $cmax$ is 5.

b) Markings: Figure 1 shows a marking $[(p_1, 3.1)^2, (p_1, 2.5), (p_2, 6.5), (p_3, 0.1)^2]$.

c) Computations and Prices: An example of a computation $\pi$ is:

$(q_1, [(p_1, 3.1)^2, (p_1, 2.5), (p_2, 6.5), (p_3, 0.1)^2])$
$\longrightarrow_{t_1}$
$(q_2, [(p_1, 3.1)^2, (p_2, 6.5), (p_2, 1.3), (p_3, 0.1)^2, (p_3, 2.2)])$
$\xrightarrow{0.7}_{Time}$
$(q_2, [(p_1, 3.8)^2, (p_2, 7.2), (p_2, 2.0), (p_3, 0.8)^2, (p_3, 2.9)])$
$\longrightarrow_{t_2}$
$(q_1, [(p_1, 3.8)^2, (p_1, 9.2), (p_2, 7.2), (p_2, 2.0), (p_3, 0.8)^2])$
$\xrightarrow{1.3}_{Time}$
$(q_1, [(p_1, 5.1)^2, (p_1, 10.5), (p_2, 8.5), (p_2, 3.3), (p_3, 2.1)^2])$

The cost $\mathit{Cost}(\pi)$ is given by

$1 + 2 * 3 * 0.7 + 2 * 2 * 0.7 + 3 * 0 * 0.7 + 3 + 3 * 3 * 1.3 + 2 * 2 * 1.3 + 1 * 0 * 1.3 = 27.9$

The transition $t_2$ is not enabled from any of the following configurations:

• The marking $(q_1, [(p_1, 3.8), (p_2, 2.0), (p_3, 2.9)])$ since it does not have the correct control state.
• The marking $(q_1, [(p_1, 3.1)^2, (p_2, 2.0), (p_3, 0.1)^2])$ since it is missing input tokens with the correct ages in $p_3$.
• The marking $(q_1, [(p_1, 3.1)^2, (p_2, 1.0), (p_3, 1.1)^2])$ since it is missing read tokens with the correct ages in $p_2$.

d) Abstract Markings: Fix $\delta = 0.2$. Then the configuration

$c = [(p_1, 2.1), (p_1, 1.0), (p_1, 2.85), (p_1, 3.9), (p_2, 1.1), (p_2, 9.1), (p_2, 1.0), (p_2, 9.85), (p_3, 8.1), (p_3, 0.85), (p_3, 2.9), (p_3, 4.9), (p_3, 9.0)]$

is in $\delta$-form. We have

$$c_1 = \mathit{aptpn}(c) = \left( q_1,\ \begin{bmatrix} (p_1,2) \\ (p_2,6) \\ (p_3,0) \end{bmatrix} \begin{bmatrix} (p_1,3) \\ (p_3,2) \\ (p_3,4) \end{bmatrix},\ \begin{bmatrix} (p_1,1) \\ (p_2,1) \\ (p_3,6) \end{bmatrix},\ \begin{bmatrix} (p_1,2) \\ (p_2,1) \\ (p_2,6) \\ (p_3,6) \end{bmatrix} \right)$$

Note that token ages $> cmax$ are abstracted as $cmax + 1$. Since here $cmax = 5$, all token ages $> 5$ are abstracted as 6.

Below we describe four examples of abstract computation steps (these abstract computation steps are new examples and are not related to the concrete computation $\pi$ described in the previous paragraph.)

(i) A type 1 transition from $c_1$ leads to

$$c_2 = \left( q_1,\ \begin{bmatrix} (p_1,2) \\ (p_2,6) \\ (p_3,0) \end{bmatrix} \begin{bmatrix} (p_1,3) \\ (p_3,2) \\ (p_3,4) \end{bmatrix},\ \emptyset,\ \begin{bmatrix} (p_1,1) \\ (p_2,1) \\ (p_3,6) \end{bmatrix} \begin{bmatrix} (p_1,2) \\ (p_2,1) \\ (p_2,6) \\ (p_3,6) \end{bmatrix} \right)$$

(ii) A type 2 transition from $c_2$ leads to

$$c_3 = \left( q_1,\ \begin{bmatrix} (p_1,2) \\ (p_2,6) \\ (p_3,0) \end{bmatrix},\ \begin{bmatrix} (p_1,4) \\ (p_3,3) \\ (p_3,5) \end{bmatrix},\ \begin{bmatrix} (p_1,1) \\ (p_2,1) \\ (p_3,6) \end{bmatrix} \begin{bmatrix} (p_1,2) \\ (p_2,1) \\ (p_2,6) \\ (p_3,6) \end{bmatrix} \right)$$

(iii) A type 3 transition from $c_3$ leads to

$$c_4 = \left( q_1,\ \begin{bmatrix} (p_1,3) \\ (p_2,6) \\ (p_3,1) \end{bmatrix} \begin{bmatrix} (p_1,4) \\ (p_3,3) \\ (p_3,5) \end{bmatrix} \begin{bmatrix} (p_1,1) \\ (p_2,1) \\ (p_3,6) \end{bmatrix},\ \emptyset,\ \begin{bmatrix} (p_1,3) \\ (p_2,2) \\ (p_2,6) \\ (p_3,6) \end{bmatrix} \right)$$

(iv) A type 4 transition from $c_3$ leads to

$$c_5 = \left( q_1,\ \begin{bmatrix} (p_1,3) \\ (p_2,6) \\ (p_3,1) \end{bmatrix} \begin{bmatrix} (p_1,4) \\ (p_3,3) \\ (p_3,5) \end{bmatrix},\ \begin{bmatrix} (p_1,2) \\ (p_2,2) \\ (p_3,6) \end{bmatrix},\ \begin{bmatrix} (p_1,3) \\ (p_2,2) \\ (p_2,6) \\ (p_3,6) \end{bmatrix} \right)$$

Below, we give three concrete timed transitions that correspond to the abstract steps (i)-(iii) described above.

$[(p_1, 2.1), (p_1, 1.0), (p_1, 2.85), (p_1, 3.9), (p_2, 1.1), (p_2, 9.1), (p_2, 1.0), (p_2, 9.85), (p_3, 8.1), (p_3, 0.85), (p_3, 2.9), (p_3, 4.9), (p_3, 9.0)]$
$\xrightarrow{0.01}_{Time}$
$[(p_1, 2.11), (p_1, 1.01), (p_1, 2.86), (p_1, 3.91), (p_2, 1.11), (p_2, 9.11), (p_2, 1.01), (p_2, 9.86), (p_3, 8.11), (p_3, 0.86), (p_3, 2.91), (p_3, 4.91), (p_3, 9.01)]$
$\xrightarrow{0.09}_{Time}$
$[(p_1, 2.2), (p_1, 1.1), (p_1, 2.95), (p_1, 4.0), (p_2, 1.2), (p_2, 9.2), (p_2, 1.1), (p_2, 9.95), (p_3, 8.2), (p_3, 0.95), (p_3, 3.0), (p_3, 5.0), (p_3, 9.1)]$
$\xrightarrow{0.85}_{Time}$
$[(p_1, 3.05), (p_1, 1.95), (p_1, 3.8), (p_1, 4.85), (p_2, 2.05), (p_2, 10.05), (p_2, 1.95), (p_2, 10.8), (p_3, 9.05), (p_3, 1.8), (p_3, 3.85), (p_3, 5.85), (p_3, 9.95)]$

A concrete timed transition that corresponds to the abstract step (iv) is the following

$[(p_1, 2.2), (p_1, 1.1), (p_1, 2.95), (p_1, 4.0), (p_2, 1.2), (p_2, 9.2), (p_2, 1.1), (p_2, 9.95), (p_3, 8.2), (p_3, 0.95), (p_3, 3.0), (p_3, 5.0), (p_3, 9.1)]$
$\xrightarrow{0.9}_{Time}$
$[(p_1, 3.1), (p_1, 2.0), (p_1, 3.85), (p_1, 4.9), (p_2, 2.1), (p_2, 10.1), (p_2, 2.0), (p_2, 10.85), (p_3, 9.1), (p_3, 1.85), (p_3, 3.9), (p_3, 5.9), (p_3, 10.0)]$

Appendix B. Proofs of Section |ni] 

Lemma Q] Let C init C fin , where tt is C init = c — > 
... — > ci eng th e Cfi n . Then for every S > there exists a 

computation 7r' in <5-form where Cinit — -*■ Cfi n , where it' is 

C lm t = Cq >■ ... > C' length € Cfi n S.t. Cost (n') < Cost (n), 

ir and ir' have the same length and Vi : < i < length. \ci\ = 
\Cj\. Furthermore, if ir is detailed then ir' is detailed. 

Proof: Outline of the proof: We construct n' by fixing 
the structure of the computation ir and varying the finitely 
many real numbers describing the delays of timed transitions 
and the ages of newly created tokens. The tuples of numbers 
corresponding to a possible computation are contained in a 
polyhedron, which is described by a totally unimodular matrix, 
and whose vertices thus have integer coordinates. Since the 
cost function is linear in these numbers, the infimum of the 
costs can be approximated arbitrarily closely by computations 
7r' whose numbers are arbitrarily close to integers, i.e., com- 
putations 7T ; in 5-form for arbitrarily small 5 > 0. 
Detailed proof: The computation n with Ci n u — ► Cfi n con- 
sists of a sequence of discrete transitions and timed transitions. 
Let n be the number of timed transitions in ir and x.- L > (for 
1 < i < n) be the delay of the i-th timed transition in tt. 
Let m be the number of newly created tokens in tt. We fix 
some arbitrary order on these tokens (it does not need to agree 
with the order of token creation) and call them t\ , . . . , t m . Let 
Hi be the age of token ti when it is created in ix. (Recall 
that the age of new tokens is not always zero, but chosen 
nondeterministically out of given intervals.) 

We now consider the set of all computations $\pi'$ that have the same structure, i.e., the same transitions, as $\pi$, but with modified values of $y_1, \dots, y_m$ and $x_1, \dots, x_n$. Such computations $\pi'$ have the same length as $\pi$ and the sizes of the visited configurations match. Also if $\pi$ is detailed then $\pi'$ is detailed.

It remains to show that one such computation $\pi'$ is in $\delta$-form and $Cost(\pi') \le Cost(\pi)$.

The set of tuples $(y_1, \dots, y_m, x_1, \dots, x_n)$ for which such a computation $\pi'$ is feasible is described by a set of inequations that depend on the transition guards. (The initial configuration, and the set of final configurations do not introduce any constraints on $(y_1, \dots, y_m, x_1, \dots, x_n)$, because they are closed under changes to token ages.) The inequations are derived from the following conditions.

• The time always advances, i.e., $x_i > 0$.
• When the token $t_j$ is created by an output arc with interval $[a : b]$ we have $a \le y_j \le b$, and similarly with strict inequalities if the interval is (half) open. Note that the bounds $a$ and $b$ are integers (except where $b = \infty$ in which case there is no upper bound constraint).
• Consider a token $t_j$ that is an input of some discrete transition $t$ via an input arc or a read arc labeled with interval $[a : b]$. Note that the bounds $a$ and $b$ are integers (or $\infty$). Let $x_k, x_{k+1}, \dots, x_{k+l}$ be the delays of the timed transitions that happened between the creation of token $t_j$ and the transition $t$. Then we must have $a \le y_j + x_k + x_{k+1} + \dots + x_{k+l} \le b$. (Similarly with strict inequalities if the interval is (half) open.)

These inequations describe a polyhedron $PH$ which contains all feasible tuples of values $(y_1, \dots, y_m, x_1, \dots, x_n)$. By the precondition of this lemma, there exists a computation $C_{init} \xrightarrow{\pi} C_{fin}$ and thus the polyhedron $PH$ is nonempty. Therefore we obtain the closure $\overline{PH}$ of the polyhedron $PH$ by replacing all strict inequalities $<, >$ with normal inequalities $\le, \ge$. Thus $\overline{PH}$ contains $PH$, but every point in $\overline{PH}$ is arbitrarily close to a point in $PH$. Now we show that the vertices of the polyhedron $\overline{PH}$ have integer coordinates.

Let $v = (y_1, \dots, y_m, x_1, \dots, x_n)$ be a column vector of the free variables. Then the polyhedron $\overline{PH}$ can be described by the inequation $M \cdot v \le c$, where $c$ is a column vector of integers and $M$ is an integer matrix. Now we analyze the shape of the matrix $M$. Each inequation corresponds to a row in $M$. If the inequality is $\le$ then the elements are in $\{0, 1\}$, and if the inequality is $\ge$ then the elements are in $\{0, -1\}$. Each of the inequations above refers to at most one variable $y_j$, and possibly one continuous block of several variables $x_k, x_{k+1}, \dots, x_{k+l}$. Moreover, for each $y_j$, this block (if it is nonempty) starts with the same variable $x_k$. This is because the $x_k, x_{k+1}, \dots, x_{k+l}$ describe the delays of the timed transitions between the creation of token $t_j$ and the moment where $t_j$ is used. $x_k$ is always the first delay after the creation of $t_j$, and no delays can be left out. Note that the token $t_j$ can be used more than once, because transitions with read arcs do not consume the token. We present the inequalities in blocks, where the first block contains all which refer to $y_1$, the second block contains all which refer to $y_2$, etc. The last block contains those inequations that do not refer to any $y_j$, but only to variables $x_k$. Inside each block we sort the inequalities w.r.t. increasing length of the $x_k, x_{k+1}, \dots, x_{k+l}$ block, i.e., from smaller values of $l$ to larger ones. (For $y_j$ we have the same $k$.) Thus the matrix $M$ has the following form:



[Displayed matrix $M$: one block of rows per $y_j$, followed by a block of rows over the $x_k$ only; entries are 0, 1 and -1.]



Formally, the shape of these matrices is defined as follows.

Definition 3. We call a $(z \times (m + n))$-matrix a PTPN constraint matrix if every row has one of the following two forms. Let $j \in \{1, \dots, m\}$ and $k(j) \in \{1, \dots, n\}$ be a number that depends only on $j$, and let $\alpha \in \{-1, 1\}$. First form: $0^{j-1} \alpha 0^{m-j} 0^{k(j)-1} \alpha^* 0^*$. Second form: $0^* \alpha^* 0^*$. Matrices that contain only rows of the second form are called 3-block matrices in [14].

Definition 4. [24] An integer matrix is called totally unimodular iff the determinant of all its square submatrices is equal to 0, 1 or -1.

Lemma 22. All PTPN constraint matrices are totally unimodular.

Proof: First, every square submatrix of a PTPN constraint matrix has the same form and is also a PTPN constraint matrix. Thus it suffices to show the property for square PTPN constraint matrices. We show this by induction on the size. The base case of size $1 \times 1$ is trivial, because the single value must be in $\{-1, 0, 1\}$. For the induction step consider a square $k \times k$ PTPN constraint matrix $M$, with some $n, m$ s.t. $n + m = k$. If $M$ does not contain any row of the first form then $M$ is a 3-block matrix and thus totally unimodular by [14] (Lemma 2). Otherwise, $M$ contains a row $i$ of the first form where $M(i,j) \in \{-1, 1\}$ for some $1 \le j \le m$. Without restriction let $i$ be such a row in $M$ where the number of nonzero entries is minimal. Consider all rows $i'$ in $M$ where $M(i',j) \ne 0$. Except for $M(i',j)$, they just contain (at most) one block of elements 1 (or -1) that starts at position $m + k(j)$. By adding/subtracting row $i$ to all these other rows $i'$ where $M(i',j) \ne 0$ we obtain a new matrix $M'$ where $M'(i,j)$ is the only nonzero entry in column $j$ in $M'$ and $\det(M') = \det(M)$. Moreover, $M'$ is also a PTPN constraint matrix, because of the minimality of the nonzero block length in row $i$ and because all these blocks start at $m + k(j)$. I.e., in $M'$ these modified rows $i'$ have the form $0^* 1^* 0^*$ or $0^* (-1)^* 0^*$. We obtain $M''$ from $M'$ by deleting column $j$ and row $i$, and $M''$ is a $(k-1) \times (k-1)$ PTPN constraint matrix (because $j \le m$). By induction hypothesis, $M''$ is totally unimodular and $\det(M'') \in \{-1, 0, 1\}$. By the cofactor method, $\det(M') = (-1)^{i+j} * M'(i,j) * \det(M'') \in \{-1, 0, 1\}$. Thus $\det(M) = \det(M') \in \{-1, 0, 1\}$ and $M$ is totally unimodular. ■
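Lemma 22 can be checked by brute force on a small instance. The following is an added example, not code from the paper: it builds the rows of Definition 3 for a constructed computation with two tokens and three delays and tests every square submatrix. The helper names and the sample computation are assumptions made here; the second matrix is constructed so that two rows for the same $y_1$ start their delay blocks at different positions, which leaves the shape of Definition 3 and produces a determinant of -2.

```python
from itertools import combinations

def det(mat):
    """Exact integer determinant (fraction-free Bareiss elimination)."""
    a = [r[:] for r in mat]
    n, sign, prev = len(a), 1, 1
    for c in range(n - 1):
        pivot = next((r for r in range(c, n) if a[r][c] != 0), None)
        if pivot is None:
            return 0
        if pivot != c:
            a[c], a[pivot] = a[pivot], a[c]
            sign = -sign
        for r in range(c + 1, n):
            for k in range(c + 1, n):
                a[r][k] = (a[r][k] * a[c][c] - a[r][c] * a[c][k]) // prev
        prev = a[c][c]
    return sign * a[n - 1][n - 1]

def row(m, n, alpha, j=None, start=1, length=0):
    """Row over (y_1..y_m, x_1..x_n): alpha at y_j (if given) and on the
    delay block x_start .. x_(start+length-1). Indices are 1-based."""
    r = [0] * (m + n)
    if j is not None:
        r[j - 1] = alpha
    for i in range(length):
        r[m + start - 1 + i] = alpha
    return r

def ptpn_constraint_matrix(n, tokens):
    """tokens[j-1] = (k(j), use_lengths): token t_j is created just before
    delay x_k(j) and is tested by guards after use_lengths many delays."""
    m, rows = len(tokens), []
    for j, (k, uses) in enumerate(tokens, start=1):
        for length in [0] + sorted(uses):      # length 0: creation interval
            for alpha in (1, -1):              # upper bound / lower bound
                rows.append(row(m, n, alpha, j, k, length))
    for i in range(1, n + 1):                  # closure of x_i > 0: -x_i <= 0
        rows.append(row(m, n, -1, start=i, length=1))
    return rows

def violation(mat):
    """First square submatrix with determinant outside {-1,0,1}, or None."""
    for size in range(1, min(len(mat), len(mat[0])) + 1):
        for rs in combinations(range(len(mat)), size):
            for cs in combinations(range(len(mat[0])), size):
                d = det([[mat[r][c] for c in cs] for r in rs])
                if d not in (-1, 0, 1):
                    return rs, cs, d
    return None

# Constructed sample: t_1 created before x_1 and tested after 1 and 3 delays,
# t_2 created before x_2 and tested after 2 delays.
VALID = ptpn_constraint_matrix(3, [(1, [1, 3]), (2, [2])])

# Constructed counterexample: both rows refer to y_1, but the delay blocks
# start at x_1 and at x_2, so k(j) no longer depends only on j.
BAD = [row(1, 2, 1, j=1, start=1, length=1),
       row(1, 2, 1, j=1, start=2, length=1),
       row(1, 2, 1, start=1, length=2)]

if __name__ == "__main__":
    print("valid matrix:", len(VALID), "x", len(VALID[0]), violation(VALID))
    print("bad matrix violation:", violation(BAD))
```

The exhaustive check is exponential in the matrix size, so it is only a sanity test for small instances and not a substitute for the induction above.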

Theorem 23. [24]. Consider the polyhedron $\{v \in \mathbb{R}^k \mid M \cdot v \le c\}$ with $M$ a totally unimodular $(p \times k)$ matrix and $c \in \mathbb{Z}^p$. Then the coordinates of its vertices are integers.

Since our polyhedron $\overline{PH}$ is described by a PTPN constraint matrix, which is totally unimodular by Lemma 22, it follows from Theorem 23 that the vertices of $\overline{PH}$ have integer coordinates.

Since the Cost function is linear in $x_1, \dots, x_n$ (and does not depend on $y_1, \dots, y_m$), the infimum of the costs on $PH$ is obtained at a vertex of $\overline{PH}$, which has integer coordinates by Theorem 23. Therefore, one can get arbitrarily close to the infimum cost with values $y_1, \dots, y_m, x_1, \dots, x_n$ which are arbitrarily close to some integers. Thus, for every computation $C_{init} \xrightarrow{\pi} C_{fin}$ there exists a modified computation $\pi'$ with values $y_1, \dots, y_m, x_1, \dots, x_n$ arbitrarily close to integers (i.e., $\pi'$ in $\delta$-form for arbitrarily small $\delta > 0$) such that $C_{init} \xrightarrow{\pi'} C_{fin}$ and $Cost(\pi') \le Cost(\pi)$. (Note that the final configuration reached by $\pi'$ possibly differs from the final configuration of $\pi$ in the ages of some tokens. However, this does not matter, because the set of configurations $C_{fin}$ is closed under such changes.) ■



Appendix C. Proofs of Section IV

Lemma 3. Let $(q,M)$ be a PTPN configuration in $\delta$-form for some $\delta < 1/5$. There is an occurrence of a discrete transition in $\delta$-form $(q,M) \to_t (q',M')$ if and only if $aptpn((q,M)) \to_t aptpn((q',M'))$.

Proof: Let $M = M_{-m} + \dots + M_{-1} + M_0 + M_1 + \dots + M_n$ be the unique decomposition of $M$ into increasing fractional parts, and $aptpn(M) := (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$, as defined in Section IV. Let $t = (q, q', In, Read, Out)$.

Now we prove the first implication. If $(q,M) \to_t (q',M')$ then there exist $I, O, R, M^{rest} \in (P \times \mathbb{R}_{\ge 0})^{\odot}$ s.t. the following conditions are satisfied:

• $M = I + R + M^{rest}$
• $match(I, In)$, $match(R, Read)$ and $match(O, Out)$.
• $M' = O + R + M^{rest}$.

Thus each $M_i$ can be decomposed into parts $M_i = M_i^I + M_i^R + M_i^{rest}$, where $I = \sum_i M_i^I$, $R = \sum_i M_i^R$, $M^{rest} = \sum_i M_i^{rest}$. Let $b_i^I = aptpn(M_i^I)$, $b_i^R = aptpn(M_i^R)$, $b_i^{rest} = aptpn(M_i^{rest})$. Then $b_i = b_i^I + b_i^R + b_i^{rest}$. Since the time intervals on transitions have integer bounds, we obtain $match((\sum_{i \ne 0} b_i^I)^{+\epsilon} + b_0^I, In)$ and $match((\sum_{i \ne 0} b_i^R)^{+\epsilon} + b_0^R, Read)$.

Similarly as $M$, the marking $O$ can be uniquely decomposed into parts with increasing fractional part of the ages of tokens, i.e., $O = O_{-j} + \dots + O_{-1} + O_0 + O_1 + \dots + O_k$. Let $\hat{O} = aptpn(O - O_0)$ and $b_0^O = aptpn(O_0)$. Thus we get $match(\hat{O}^{+\epsilon} + b_0^O, Out)$.

Since $M' = O + R + M^{rest}$, the sequence of the remaining parts of the $M_i$ is merged with the sequence $O_{-j} + \dots + O_{-1} + O_0 + O_1 + \dots + O_k$. Thus $M'$ can be uniquely decomposed into parts with increasing fractional part of the ages of tokens, i.e., $M' = M'_{-m'} + \dots + M'_{-1} + M'_0 + M'_1 + \dots + M'_{n'}$. Let $c_i = aptpn(M'_i)$. Thus there is a strictly monotone injection $f : \{-m, \dots, n\} \mapsto \{-m', \dots, n'\}$ where $f(0) = 0$ s.t. $c_{f(i)} \ge b_i - b_i^I$ and $c_0 = b_0 - b_0^I + b_0^O$ and $\sum_{i \ne 0} c_i = (\sum_{i \ne 0} b_i - b_i^I) + \hat{O}$.

Thus $aptpn((q,M)) = (q, b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n) \to_t (q', c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'}) = aptpn((q',M'))$.

Now we show the other direction. If $aptpn((q,M)) \to_t aptpn((q',M'))$ then we have $aptpn((q',M')) = (q', c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$ s.t.

• $b_i = b_i^I + b_i^R + b_i^{rest}$ for $-m \le i \le n$
• $match((\sum_{i \ne 0} b_i^I)^{+\epsilon} + b_0^I, In)$
• $match((\sum_{i \ne 0} b_i^R)^{+\epsilon} + b_0^R, Read)$
• $match(\hat{O}^{+\epsilon} + b_0^O, Out)$
• There is a strictly monotone injection $f : \{-m, \dots, n\} \mapsto \{-m', \dots, n'\}$ where $f(0) = 0$ s.t. $c_{f(i)} \ge b_i - b_i^I$ and $c_0 = b_0 - b_0^I + b_0^O$ and $\sum_{i \ne 0} c_i = (\sum_{i \ne 0} b_i - b_i^I) + \hat{O}$.

As before, each $M_i$ can be decomposed into parts $M_i = M_i^I + M_i^R + M_i^{rest}$, where $b_i^I = aptpn(M_i^I)$, $b_i^R = aptpn(M_i^R)$, and $b_i^{rest} = aptpn(M_i^{rest})$. Let $I = \sum_i M_i^I$, $R = \sum_i M_i^R$, and $M^{rest} = \sum_i M_i^{rest}$. So we have $M = I + R + M^{rest}$. Furthermore, since the interval bounds are integers, we have $match(I, In)$, $match(R, Read)$ and $match(O, Out)$. Finally, due to the conditions on $\hat{O}$ and $b_0^O$, there exists a marking $O$ s.t. $\hat{O} + b_0^O = aptpn(O)$ and $M' = O + R + M^{rest}$ and $aptpn((q',M')) = (q', c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$. Moreover, this $O$ can be chosen to be in $\delta$-form, for the following reasons. The tokens in $O$ whose fractional part is the same as a fractional part in $M$ are trivially in $\delta$-form, because $M$ is in $\delta$-form. The tokens in $O$ whose fractional part is between two fractional parts in $M$ are also trivially in $\delta$-form, because $M$ is in $\delta$-form. Now consider the tokens in $O$ whose fractional part is larger than any fractional part in $M_1 + \dots + M_n$. Let $\delta_1$ be the maximal fractional part in $M_1 + \dots + M_n$. We have $\delta_1 < \delta$, because $M$ is in $\delta$-form. Therefore there is still space for infinitely many different fractional parts in $O$ in the nonempty interval $(\delta_1 : \delta)$. Finally consider the tokens in $O$ whose fractional part is smaller than any fractional part in $M_{-m} + \dots + M_{-1}$. Let $\delta_2$ be the minimal fractional part in $M_{-m} + \dots + M_{-1}$. We have $\delta_2 > 1 - \delta$, because $M$ is in $\delta$-form. Therefore there is still space for infinitely many different fractional parts in $O$ in the nonempty interval $(1 - \delta : \delta_2)$.

Thus, since $O$ is in $\delta$-form, the transition $(q,M) \to_t (q',M')$ is in $\delta$-form, as required. ■

Lemma 4. Let $(q,M)$ be a PTPN configuration in $\delta$-form for some $\delta < 1/5$ and $x \in (0 : \delta)$. There is a PTPN detailed timed transition $(q,M) \xrightarrow{x} (q,M^{+x})$ if and only if there is a A-PTPN abstract timed transition of type 1 or 2 s.t. $aptpn((q,M)) \to aptpn((q,M^{+x}))$.

Proof: Let $M = M_{-m} + \dots + M_{-1} + M_0 + M_1 + \dots + M_n$ be the unique decomposition of $M$ into increasing fractional parts, and $aptpn(M) := (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$, as defined in Section IV. Let $\epsilon$ be the fractional part of the ages of the tokens in $M_{-1}$. Since $(q,M)$ is in $\delta$-form, we have $0 < 1 - \epsilon < \delta$. Now there are two cases.

In the first case we have $x < 1 - \epsilon$. Then the tokens in $M_{-1}^{+x}$ will have fractional part $\epsilon + x \in (1 - \delta : 1)$, and the tokens in $M_0^{+x}$ will have fractional part $x \in (0 : \delta)$. Therefore $aptpn((q,M)) = (q, (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)) \to (q, (b_{-m} \dots b_{-1}, \emptyset, b_0 b_1 \dots b_n)) = aptpn((q,M^{+x}))$, by a A-PTPN abstract timed transition of type 1, if and only if $(q,M) \xrightarrow{x} (q,M^{+x})$.

In the second case we must have $x = 1 - \epsilon$ and $M_0 = \emptyset$, because $(q,M) \xrightarrow{x} (q,M^{+x})$ is a detailed timed transition. In this case exactly the tokens in $M_{-1}$ reach the next higher integer age, i.e., the tokens in $M_{-1}^{+x}$ have integer age and the integer is one higher than the integer part of the age of the tokens in $M_0$. Therefore $aptpn((q,M)) = (q, (b_{-m} \dots b_{-1}, \emptyset, b_1 \dots b_n)) \to (q, (b_{-m} \dots b_{-2}, b_{-1}^{+}, b_1 \dots b_n)) = aptpn((q,M^{+x}))$, by a A-PTPN abstract timed transition of type 2, if and only if $(q,M) \xrightarrow{x} (q,M^{+x})$. ■

Lemma 5. Let $(q,M)$ be a PTPN configuration in $\delta$-form for some $\delta < 1/5$ and $x \in (1 - \delta : 1)$. There is a PTPN timed transition $(q,M) \xrightarrow{x} (q,M^{+x})$ if and only if there is a A-PTPN transition of either type 3 or 4 s.t. $aptpn((q,M)) \to aptpn((q,M^{+x}))$.

Proof: Let $M = M_{-m} + \dots + M_{-1} + M_0 + M_1 + \dots + M_n$ be the unique decomposition of $M$ into increasing fractional parts, and $aptpn(M) := (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$, as defined in Section IV. Let $\epsilon_k$ be the fractional part of the ages of the tokens in $M_k$ for $0 \le k \le n$. Since $(q,M)$ is in $\delta$-form, we have $0 \le \epsilon_k < \delta$. Now there are two cases.

In the first case we have $x \in (1 - \epsilon_{k+1} : 1 - \epsilon_k) \subseteq (1 - \delta : 1)$ for some $0 \le k \le n$. (If $k = n$ we have $x \in (1 - \delta : 1 - \epsilon_n)$, and if $k = 0$ we have $x \in (1 - \epsilon_1 : 1)$.) Then, in the step from $M_{k+1}$ to $M_{k+1}^{+x}$, the token ages in $M_{k+1}$ reach and slightly exceed the next higher integer age, while the token ages in $M_k^{+x}$ still stay slightly below the next higher integer. Therefore $aptpn((q,M)) = (q, (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)) \to (q, (b_{-m}^{+} \dots b_{-1}^{+} b_0 \dots b_k, \emptyset, b_{k+1}^{+} \dots b_n^{+})) = aptpn((q,M^{+x}))$, by a A-PTPN abstract timed transition of type 3, if and only if $(q,M) \xrightarrow{x} (q,M^{+x})$.

The only other case is where $x = 1 - \epsilon_{k+1}$ for some $k \in \{0, \dots, n-1\}$. Here exactly the tokens in $M_{k+1}$ reach the next higher integer age. Therefore $aptpn((q,M)) = (q, (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)) \to (q, (b_{-m}^{+} \dots b_{-1}^{+} b_0 \dots b_k, b_{k+1}^{+}, b_{k+2}^{+} \dots b_n^{+})) = aptpn((q,M^{+x}))$, by a A-PTPN abstract timed transition of type 4, if and only if $(q,M) \xrightarrow{x} (q,M^{+x})$. ■

Lemma 6.

1) Let $c_0$ be a PTPN configuration where all tokens have integer ages. For every PTPN computation $\pi = c_0 \to \dots \to c_n$ in detailed form and $\delta$-form s.t. $n * \delta \le 1/5$ there exists a corresponding A-PTPN computation $\pi' = aptpn(c_0) \to \dots \to aptpn(c_n)$ s.t.

$|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c_i|) * (\max_{p \in P} Cost(p))$

2) Let $c'_0$ be a A-PTPN configuration $(\epsilon, b_0, \epsilon)$. For every A-PTPN computation $\pi' = c'_0 \to \dots \to c'_n$ and every $0 < \delta \le 1/5$ there exists a PTPN computation $\pi = c_0 \to \dots \to c_n$ in detailed form and $\delta$-form s.t. $c'_i = aptpn(c_i)$ for $0 \le i \le n$ and

$|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c'_i|) * (\max_{p \in P} Cost(p))$

Proof: For the first part let $\pi = c_0 \to \dots \to c_n$ be a PTPN computation in detailed form and $\delta$-form s.t. $n * \delta \le 1/5$. So every timed transition $\xrightarrow{x}$ has either $x \in (0 : \delta)$ or $x \in (1 - \delta : 1)$. Furthermore, the fractional part of the age of every token in any configuration $c_i$ is $\le i * \delta$ away from the nearest integer, because $c_0$ only contains tokens with integer ages. Since $i \le n$ these ages are $\le n * \delta \le 1/5$ away from the nearest integer. Moreover, $\pi$ is detailed and thus Lemmas 3, 4 and 5 apply. Thus there exists a corresponding A-PTPN computation $\pi' = aptpn(c_0) \to \dots \to aptpn(c_n)$. By definition of the cost of A-PTPN transitions, for every discrete transition $c_i \to c_{i+1}$ we have $Cost(c_i \to c_{i+1}) = Cost(aptpn(c_i) \to aptpn(c_{i+1}))$. Moreover, for every timed transition $c_i \xrightarrow{x} c_{i+1}$ we have $|Cost(c_i \xrightarrow{x} c_{i+1}) - Cost(aptpn(c_i) \to aptpn(c_{i+1}))| \le \delta * |c_i| * (\max_{p \in P} Cost(p))$, because either $x \in (0 : \delta)$ or $x \in (1 - \delta : 1)$. Therefore $|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c_i|) * (\max_{p \in P} Cost(p))$ as required.

For the second part let $c_0$ be a PTPN configuration s.t. $(\epsilon, b_0, \epsilon) = c'_0 = aptpn(c_0)$, i.e., all tokens in $c_0$ have integer ages. We now use Lemmas 3, 4 and 5 to construct the PTPN computation $\pi$. Let $\delta_i := \delta * 2^{i-n}$ for $0 \le i \le n$. The construction ensures the following invariants. (1) $c'_i = aptpn(c_i)$, and (2) $c_i$ is in $\delta_i$-form. Condition (1) follows directly from Lemmas 3, 4 and 5. For the base case $i = 0$, condition (2) holds trivially, because all tokens in $c_0$ have integer ages. Now we consider the step from $i$ to $i + 1$. Since $c_i$ is in $\delta_i$-form, we obtain from Lemmas 3, 4 and 5 that if the $i$-th transition in this sequence is a timed transition $\xrightarrow{x}$ then either $x \in (0 : \delta_i)$ or $x \in (1 - \delta_i : 1)$. Therefore, since $c_i$ is in $\delta_i$-form, $c_{i+1}$ is in $(2 * \delta_i)$-form and thus in $\delta_{i+1}$-form.

Now we consider the cost of the PTPN computation $\pi$. By definition of the cost of A-PTPN transitions, for every discrete transition $c_i \to c_{i+1}$ we have $Cost(c_i \to c_{i+1}) = Cost(aptpn(c_i) \to aptpn(c_{i+1}))$. Moreover, for every timed transition $c_i \xrightarrow{x} c_{i+1}$ we have $|Cost(c_i \xrightarrow{x} c_{i+1}) - Cost(aptpn(c_i) \to aptpn(c_{i+1}))| \le \delta_i * |c_i| * (\max_{p \in P} Cost(p))$, because either $x \in (0 : \delta_i)$ or $x \in (1 - \delta_i : 1)$. Therefore $|Cost(\pi) - Cost(\pi')| \le n * \delta * (\max_{0 \le i \le n} |c'_i|) * (\max_{p \in P} Cost(p))$ as required. ■

Theorem 7. The infimum of the costs in a PTPN coincides with the infimum of the costs in the corresponding A-PTPN.

$\inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = \inf\{Cost(\pi') \mid aptpn(C_{init}) \xrightarrow{\pi'} aptpn(C_{fin})\}$

Proof: Let $I := \inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\}$ and $I' := \inf\{Cost(\pi') \mid aptpn(C_{init}) \xrightarrow{\pi'} aptpn(C_{fin})\}$.

First we show that $I' \not> I$. By definition of $I$, for every $\lambda > 0$ there is a computation $C_{init} \xrightarrow{\pi_\lambda} C_{fin}$, s.t. $Cost(\pi_\lambda) - I < \lambda$. Without restriction we can assume that $\pi_\lambda$ is also in detailed form. Let $n_\lambda := |\pi_\lambda|$ be the length of $\pi_\lambda$ and $\pi_\lambda = c_0 \to \dots \to c_{n_\lambda}$. Let $\delta_\lambda := \min\{1/(5 n_\lambda), \lambda/(n_\lambda * (\max_{0 \le i \le n_\lambda} |c_i|) * (\max_{p \in P} Cost(p)))\}$.

By Lemma 1 there exists a computation $C_{init} \xrightarrow{\pi''} C_{fin}$ in detailed form and $\delta_\lambda$-form where $|\pi''| = |\pi_\lambda|$ and $\pi'' = c''_0 \to \dots \to c''_{n_\lambda}$ s.t. $|c''_i| = |c_i|$ and $Cost(\pi'') \le Cost(\pi_\lambda)$. It follows that $Cost(\pi'') - I < \lambda$.

By Lemma 6 (1), there exists a corresponding A-PTPN computation $\pi'_\lambda = aptpn(c''_0) \to \dots \to aptpn(c''_{n_\lambda})$ s.t. $|Cost(\pi'') - Cost(\pi'_\lambda)| \le n_\lambda * \delta_\lambda * (\max_{0 \le i \le n_\lambda} |c''_i|) * (\max_{p \in P} Cost(p)) \le \lambda$. Thus we obtain $Cost(\pi'_\lambda) - I < 2\lambda$. Since this holds for every $\lambda > 0$ we get $I' \not> I$.

Now we show that $I \not> I'$. By definition of $I'$, for every $\lambda > 0$ there is a A-PTPN computation $C_{init} \xrightarrow{\pi'_\lambda} C_{fin}$, s.t. $Cost(\pi'_\lambda) - I' < \lambda$. Let $n_\lambda := |\pi'_\lambda|$ be the length of $\pi'_\lambda$ and $\pi'_\lambda = c'_0 \to \dots \to c'_{n_\lambda}$. Let $\delta_\lambda := \min\{1/(5 n_\lambda), \lambda/(n_\lambda * (\max_{0 \le i \le n_\lambda} |c'_i|) * (\max_{p \in P} Cost(p)))\}$.

By Lemma 6 (2), there exists a corresponding PTPN computation $\pi_\lambda = c_0 \to \dots \to c_{n_\lambda}$ in detailed form and $\delta_\lambda$-form s.t. $c'_i = aptpn(c_i)$ and $|Cost(\pi_\lambda) - Cost(\pi'_\lambda)| \le n_\lambda * \delta_\lambda * (\max_{0 \le i \le n_\lambda} |c'_i|) * (\max_{p \in P} Cost(p)) \le \lambda$. Thus we obtain $Cost(\pi_\lambda) - I' < 2\lambda$. Since this holds for every $\lambda > 0$ we get $I \not> I'$.

By combining $I' \not> I$ with $I \not> I'$ we obtain $I = I'$ as required. ■

Appendix D. Proofs of Section VII

Lemma 15. $\le^f$, $\le^c$ and $\le^{fc}$ are decidable quasi-orders on the set of all AC-PTPN configurations.

For every AC-PTPN configuration $c$, $\le^f$ is a well-quasi-order on the set $\{c\}\uparrow = \{s \mid c \le^f s\}$ (i.e., here $\uparrow$ denotes the upward-closure w.r.t. $\le^f$).

$\le^{fc}$ is a well-quasi-order on the set of all AC-PTPN configurations.

Proof: For the decidability we note that if $\beta = (q_\beta, (b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n))$ and $\gamma = (q_\gamma, (c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'}))$, then there are only finitely many strictly monotone functions $f : \{-m, \dots, n\} \mapsto \{-m', \dots, n'\}$ with $f(0) = 0$, which need to be explored. Since addition/subtraction/inclusion on finite multisets are computable, the result follows.

Moreover, $\le^f$, $\le^c$ and $\le^{fc}$ are quasi-orders in the set of all AC-PTPN configurations. Reflexivity holds trivially, and transitivity can easily be shown by composing the respective functions $f$.

Now we show that $\le^{fc}$ is a well-quasi-order on the set of all AC-PTPN configurations. Consider an infinite sequence $\beta_0, \beta_1, \dots$ of AC-PTPN configurations. Since $P \times [cmax + 1]$ is finite, multiset-inclusion is a wqo on $(P \times [cmax + 1])^{\odot}$, by Dickson's Lemma [25]. Any AC-PTPN configuration consists of 4 parts: A control-state (out of a finite domain), a finite sequence over $(P \times [cmax + 1])^{\odot}$, an element of $(P \times [cmax + 1])^{\odot}$, and another finite sequence over $(P \times [cmax + 1])^{\odot}$. Thus, by applying Higman's Lemma [20] to each part, we obtain that there must exist indices $i < j$ s.t. $\beta_i \le^{fc} \beta_j$. Thus $\le^{fc}$ is a wqo.

Now we show that $\le^f$ is a well-quasi-order on the set $\{c\}\uparrow = \{s \mid c \le^f s\}$ for every AC-PTPN configuration $c$. Consider an infinite sequence $\beta_0, \beta_1, \dots$ of AC-PTPN configurations where $\beta_i \in \{c\}\uparrow$ for every $i$. It follows that there exists an infinite sequence of AC-PTPN configurations $\alpha_0, \alpha_1, \dots$ s.t. $\alpha_i$ only contains tokens on $P_f$ and $\beta_i = c \oplus \alpha_i$ for all $i$. Since $P_f \times [cmax + 1]$ is finite, multiset-inclusion is a wqo on $(P_f \times [cmax + 1])^{\odot}$, by Dickson's Lemma [25]. Any AC-PTPN configuration $\alpha_i$ consists of 4 parts: A control-state (out of a finite domain), a finite sequence over $(P_f \times [cmax + 1])^{\odot}$, an element of $(P_f \times [cmax + 1])^{\odot}$, and another finite sequence over $(P_f \times [cmax + 1])^{\odot}$. Thus, by applying Higman's Lemma [20] to each part, we obtain that there must exist indices $i < j$ s.t. $\alpha_i \le^f \alpha_j$. Therefore $\beta_i = c \oplus \alpha_i \le^f c \oplus \alpha_j = \beta_j$, and thus $\le^f$ is a wqo on $\{c\}\uparrow$. ■

Definition 5. Petri nets with one inhibitor arc [19] are an extension of Petri nets. They contain a special inhibitor arc that prevents a certain transition from firing if a certain place is nonempty.

Formally, a Petri net with an inhibitor arc is described by a tuple $N = (Q, P, T, (p^i, t^i))$ where $(p^i, t^i)$ describes a modified firing rule for transition $t^i$: it can fire only if $p^i$ is empty.

• $Q$ is a finite set of control-states
• $P$ is a finite set of places
• $T$ is a finite set of transitions. Every transition $t \in T$ has the form $t = (q_1, q_2, I, O)$ where $q_1, q_2 \in Q$ and $I, O \in P^{\odot}$.

Let $(q, M) \in Q \times P^{\odot}$ be a configuration of $N$.

• If $t \in T - \{t^i\}$ then $t = (q_1, q_2, I, O) \in T$ is enabled at configuration $(q, M)$ iff $q = q_1$ and $M \ge I$.
• If $t = t^i$ then $t = (q_1, q_2, I, O) \in T$ is enabled at configuration $(q, M)$ iff $q = q_1$ and $M \ge I$ and $M(p^i) = 0$.

Firing $t$ yields the new configuration $(q_2, M')$ where $M' = M - I + O$.

The reachability problem for Petri nets with one inhibitor arc is decidable [19].

Theorem 13. Consider a PTPN $\mathcal{N} = (Q, P, T, Cost)$ with initial configuration $C_{init} = (q_{init}, [])$ and set of final states $C_{fin} = \{(q_{fin}, M) \mid M \in (P \times \mathbb{R}_{\ge 0})^{\odot}\}$. Then the question if $OptCost(C_{init}, C_{fin}) = 0$ is at least as hard as the reachability problem for Petri nets with one inhibitor arc.

Proof: Let $(Q, P, T, (p^i, t^i))$ be a Petri net with one inhibitor arc with initial configuration $(q_{init}, [])$ and final configuration $(q_{fin}, [])$. We construct a PTPN $(Q', P', T', Cost)$ with initial configuration $C_{init} = (q_{init}, [])$ and set of final configurations $C_{fin} = \{(q'_{fin}, M) \mid M \in (P \times \mathbb{R}_{\ge 0})^{\odot}\}$ s.t. $(q_{init}, []) \to^* (q_{fin}, [])$ iff $\inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = 0$.

Let $Q' = Q \cup \{q'_{fin}, q^1_{wait}, q^2_{wait}\}$. Let $P' = P \cup \{p^1_{wait}, p^2_{wait}\}$. We define $Cost(p) = 1$ for every $p \in P$, $Cost(p) = 0$ for $p \in P' - P$, and $Cost(t') = 0$ for $t' \in T'$. In order to define the transitions, we need a function that transforms multisets of places into multisets over $P \times Intrv$ by annotating them with time intervals. Let $[p_1, \dots, p_n] \in P^{\odot}$ and $\mathcal{I} \in Intrv$. Then $annotate([p_1, \dots, p_n], \mathcal{I}) = [(p_1, \mathcal{I}), \dots, (p_n, \mathcal{I})] \in (P \times Intrv)^{\odot}$.

For every transition $t \in T - \{t^i\}$ with $t = (q_1, q_2, I, O)$ we have a transition $t' = (q_1, q_2, I', O') \in T'$ where $I' = annotate(I \cap (P - \{p^i\})^{\odot}, [0 : \infty)) + annotate(I \cap \{p^i\}^{\odot}, [0 : 0])$ and $O' = annotate(O, [0 : 0])$. I.e., the age of the input tokens from $p^i$ must be zero and for the other input places the age does not matter. The transitions always output tokens of age zero. Instead of $t^i = (q^i_1, q^i_2, I^i, O^i) \in T$ with the inhibitor arc $(p^i, t^i)$, we have the following transitions in $T'$: $(q^i_1, q^1_{wait}, annotate(I^i, [0 : \infty)), [(p^1_{wait}, [0 : 0])])$ and $(q^1_{wait}, q^i_2, [(p^1_{wait}, (0 : 1])], annotate(O^i, [0 : 0]))$. This simulates $t^i$ in two steps while enforcing an arbitrarily small, but nonzero, delay. This is because the token on place $p^1_{wait}$ needs to age from age zero to an age $> 0$. If $p^i$ is empty then this yields a faithful simulation of a step of the Petri net with one inhibitor arc. Otherwise, the tokens on $p^i$ will age to a nonzero age and can never be consumed in the future. I.e., a token with nonzero age on $p^i$ will always stay there and indicate an unfaithful simulation.

To reach the set of final configurations $C_{fin}$, we add the following two transitions: $(q_{fin}, q^2_{wait}, [], [(p^2_{wait}, [0 : 0])])$ and $(q^2_{wait}, q'_{fin}, [(p^2_{wait}, [1 : 1])], [])$. This enforces a delay of exactly one time unit at the end of the computation, i.e., just before reaching $C_{fin}$.

If $(q_{init}, []) \to^* (q_{fin}, [])$ in the Petri net with one inhibitor arc, then for every $\epsilon > 0$ there is a computation $C_{init} \xrightarrow{\pi} (q_{fin}, [])$ in the PTPN which faithfully simulates it and has $Cost(\pi) < \epsilon$, because the enforced delays can be made arbitrarily small. The final step to $C_{fin} = \{(q'_{fin}, M) \mid M \in (P \times \mathbb{R}_{\ge 0})^{\odot}\}$ takes one time unit, but costs nothing, because there are no tokens on cost-places. Thus $OptCost(C_{init}, C_{fin}) = \inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = 0$.

On the other hand, if $OptCost(C_{init}, C_{fin}) = \inf\{Cost(\pi) \mid C_{init} \xrightarrow{\pi} C_{fin}\} = 0$ then the last step from $q_{fin}$ to $q'_{fin}$ must have taken place with no tokens on places in $P$. In particular, $p^i$ must have been empty. Therefore, the PTPN did a faithful simulation of a computation $(q_{init}, []) \to^* (q_{fin}, [])$ in the Petri net with one inhibitor arc, i.e., the transition $t^i$ was only taken when $p^i$ was empty. Thus $(q_{init}, []) \to^* (q_{fin}, [])$. ■

Appendix E. Proofs of Section VIII

Theorem 17. The reachability problem for SD-TN is decidable, and has the same complexity as the reachability problem for Petri nets with one inhibitor arc.

Proof: We show that the reachability problem for SD-TN is polynomial-time reducible to the reachability problem for Petri nets with one inhibitor arc (see Def. 5), and vice-versa.

For the first direction consider an SD-TN $N = (Q, P, T, Trans)$, with initial configuration $(q_0, M_0)$ and final configuration $(q_f, M_f)$. We construct a Petri net with one inhibitor arc $N' = (Q', P', T', (p^i, t^i))$ with initial configuration $(q'_0, M'_0)$ and final configuration $(q'_f, M'_f)$ s.t. $(q_0, M_0) \to^* (q_f, M_f)$ in $N$ iff $(q'_0, M'_0) \to^* (q'_f, M'_f)$ in $N'$.

Let $S := \{sr \mid (sr, tg) \in ST\}$ be the set of source-places of transfers. We add a new place $p^i$ to $P'$ and modify the transitions to obtain the invariant that for all reachable configurations $(q, M)$ in $N'$ we have $M(p^i) = \sum_{sr \in S} M(sr)$. Thus for every transition $t = (q_1, q_2, I, O) \in T$ in $N$ we have a transition $t' = (q_1, q_2, I', O') \in T'$ in $N'$ where $I'(p^i) = \sum_{sr \in S} I(sr)$ and $O'(p^i) = \sum_{sr \in S} O(sr)$. For all other places $p$ we have $I'(p) = I(p)$ and $O'(p) = O(p)$. This suffices to ensure the invariant, because no place in $S$ is the target of a transfer.

To simulate a transfer transition $(q_1, q_2, I, O, ST) \in Trans$, we add another control-state $q^i$ to $Q'$, another place $p(q_2)$ to $P'$ and a transition $(q_1, q^i, I', O' + \{p(q_2)\})$ to $T'$, where $I', O'$ are derived from $I, O$ as above. Moreover, for every pair $(sr, tg) \in ST$ we add a transition $(q^i, q^i, \{sr, p^i\}, \{tg\})$. This makes it possible to simulate the transfer by moving the tokens from the source to the target step-by-step. The transfer is complete when all source places are empty, i.e., when $p^i$ is empty. Finally, we add a transition $t^i = (q^i, q_2, \{p(q_2)\}, \{\})$ and let the inhibitor arc be $(p^i, t^i)$. I.e., we can only return to $q_2$ when $p^i$ is empty and the transfer is complete. We return to the correct control-state $q_2$ for this transition, because the last step is only enabled if there is a token on $p(q_2)$.

So we have $Q' = Q \cup \{q^i\}$, $P' = P \cup \{p^i\} \cup \{p(q) \mid q \in Q\}$ and $T'$ is derived from $T$ as described above. We let $q'_0 = q_0$, $q'_f = q_f$ and $M'_0(p^i) = \sum_{p \in S} M_0(p)$, $M'_f(p^i) = \sum_{p \in S} M_f(p)$ and $M'_0(p) = M_0(p)$ and $M'_f(p) = M_f(p)$ for all places $p \in P$ and $M'_0(p(q)) = M'_f(p(q)) = 0$. Note that, by definition of SD-TN, source-places and target-places of transfers are disjoint. Therefore, the condition on the inhibitor arc enforces that all transfers are done completely (i.e., until $p^i$ is empty, and thus all places in $S$ are empty) and therefore the simulation is faithful. Thus we obtain $(q_0, M_0) \to^* (q_f, M_f)$ in $N$ iff $(q'_0, M'_0) \to^* (q'_f, M'_f)$ in $N'$, as required. Since the reachability problem for Petri nets with one inhibitor arc is decidable [19], we obtain the decidability of the reachability problem for SD-TN.

Now we show the reverse reduction. Consider a Petri net with one inhibitor arc $N = (Q, P, T, (p^i, t^i))$ with initial configuration $(q_0, M_0)$ and final configuration $(q_f, M_f)$. We construct an SD-TN $N' = (Q', P', T', Trans)$ with initial configuration $(q'_0, M'_0)$ and final configuration $(q'_f, M'_f)$ s.t. $(q_0, M_0) \to^* (q_f, M_f)$ iff $(q'_0, M'_0) \to^* (q'_f, M'_f)$.

Let $Q' = Q$, $P' = P \cup \{p_x\}$ where $p_x$ is a new place, and $T' = T - \{t^i\}$. Let $t^i = (q_1, q_2, I, O)$. In $N'$, instead of $t^i$ we have the $Trans = \{(q_1, q_2, I, O, ST)\}$ where $ST = \{(p^i, p_x)\}$. Unlike in $N$, in $N'$ the inhibited transition can fire even if $p^i$ is nonempty. However, in this case the contents of $p^i$ are moved to $p_x$ where they stay forever. I.e., we can detect an unfaithful simulation by the fact that $p_x$ is nonempty. Let $q'_0 = q_0$, $q'_f = q_f$, $M'_0(p_x) = 0$, $M'_f(p_x) = 0$ and $M'_0(p) = M_0(p)$ and $M'_f(p) = M_f(p)$ for all other places $p$. Thus we get $(q_0, M_0) \to^* (q_f, M_f)$ in $N$ iff $(q'_0, M'_0) \to^* (q'_f, M'_f)$ in $N'$, as required. Therefore, the reachability problem for SD-TN is equally hard as the reachability problem for Petri nets with one inhibitor arc. ■
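The reverse reduction can be exercised on a small bounded net. The following is an added example, not code from the paper: it explores a constructed Petri net with one inhibitor arc and the SD-TN obtained by replacing $t^i$ with a transfer from $p^i$ to $p_x$, and compares the reachable configurations. The net, the function names and the firing order of a transfer transition (ordinary step first, then the move) are assumptions made here; the sample $t^i$ does not output to $p^i$, so the order does not affect the result.

```python
from collections import deque

def freeze(marking):
    """Canonical hashable marking: sorted (place, count) pairs, zeros dropped."""
    return tuple(sorted((p, k) for p, k in marking.items() if k))

def step(marking, inp, out):
    """Firing rule M' = M - I + O; None if M does not cover I."""
    if any(marking.get(p, 0) < k for p, k in inp.items()):
        return None
    new = dict(marking)
    for p, k in inp.items():
        new[p] -= k
    for p, k in out.items():
        new[p] = new.get(p, 0) + k
    return new

def reachable(init, successors):
    """All configurations reachable from init (terminates on bounded nets only)."""
    seen, todo = {init}, deque([init])
    while todo:
        for nxt in successors(todo.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def inhibitor_successors(T, t_i, p_i):
    """Semantics of Definition 5: t^i is enabled only if p^i is empty."""
    def succ(conf):
        q, frozen = conf
        M = dict(frozen)
        for t in T:
            q1, q2, inp, out = t
            if q != q1 or (t is t_i and M.get(p_i, 0) != 0):
                continue
            new = step(M, inp, out)
            if new is not None:
                yield (q2, freeze(new))
    return succ

def sdtn_successors(T, trans):
    """Ordinary transitions plus transfer transitions (q1, q2, I, O, ST)."""
    def succ(conf):
        q, frozen = conf
        M = dict(frozen)
        for q1, q2, inp, out in T:
            if q == q1 and (new := step(M, inp, out)) is not None:
                yield (q2, freeze(new))
        for q1, q2, inp, out, st in trans:
            if q == q1 and (new := step(M, inp, out)) is not None:
                for sr, tg in st:          # move the whole content of sr to tg
                    new[tg] = new.get(tg, 0) + new.get(sr, 0)
                    new[sr] = 0
                yield (q2, freeze(new))
    return succ

def reduce_to_sdtn(T, t_i, p_i, p_x="p_x"):
    """T' = T - {t^i}; Trans = {(q1, q2, I, O, ST)} with ST = {(p^i, p_x)}."""
    q1, q2, inp, out = t_i
    return [t for t in T if t is not t_i], [(q1, q2, inp, out, [(p_i, p_x)])]

def compare(T, t_i, p_i, init):
    """Reachable sets of N, of N', and the part of N' with p_x empty."""
    n_reach = reachable(init, inhibitor_successors(T, t_i, p_i))
    t_prime, trans = reduce_to_sdtn(T, t_i, p_i)
    sd_reach = reachable(init, sdtn_successors(t_prime, trans))
    faithful = {(q, M) for q, M in sd_reach if dict(M).get("p_x", 0) == 0}
    return n_reach, sd_reach, faithful

# Constructed sample net: T1 drains p into b; TI is inhibited by p.
T1 = ("q0", "q0", {"p": 1}, {"b": 1})
TI = ("q0", "q1", {}, {"a": 1})
NET = [T1, TI]
INIT = ("q0", freeze({"p": 2}))

if __name__ == "__main__":
    n_reach, sd_reach, faithful = compare(NET, TI, "p", INIT)
    print(len(n_reach), len(sd_reach), faithful == n_reach)
```

Configurations of $N'$ with tokens on $p_x$ correspond to runs that fired the transfer while $p^i$ was nonempty; filtering them out leaves exactly the configurations reachable in $N$.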

Corollary 24. Let $N$ be an SD-TN and $F$ a set of SD-TN configurations, which is defined by a boolean combination of finitely many constraints of the following forms.

(1) control-state $= q$ (for some state $q \in Q$)
(2) exactly $k$ tokens on place $p$ (where $k \in \mathbb{N}$)
(3) at least $k$ tokens on place $p$ (where $k \in \mathbb{N}$)

Then the generalized reachability problem $(q_0, M_0) \to^* F$ is decidable.

Proof: First, the boolean formula can be transformed into disjunctive normal form and solved separately for each clause. Every clause is a conjunction of constraints of the types above. This problem can then be reduced to the basic reachability problem for a modified SD-TN $N'$ and then solved by Theorem 17. One introduces a new final control-state $q'$ and adds a construction that allows the transition from $F$ to $(q', \{\})$ if and only if the constraints are satisfied. For type (2) one adds a transition that consumes exactly $k$ tokens from place $p$. For type (3) one adds a transition that consumes exactly $k$ tokens from place $p$, followed by a loop which can consume arbitrarily many tokens from place $p$. We obtain $(q_0, M_0) \to^* F$ in $N$ iff $(q_0, M_0) \to^* (q', \{\})$ in $N'$. Decidability follows from Theorem 17. ■

Appendix F. Proofs of Section IX

Lemma 18. Given a finite set $C$ of AC-PTPN configurations, we can construct a configuration-automaton $A$ s.t. $L(A) = enc(C\uparrow)$.

Proof: For every $c \in C$ we construct an automaton $A_c$ s.t. $L(A_c) = enc(\{c\}\uparrow)$. Remember that here the upward-closure is taken w.r.t. $\le^f$. Let $c$



((q,y),b- m . . .b-!,bo,bx ■ ■ - b n ). We have b { = [bj, 



where b\ e P x [cmax + 1]. Let Si = Pf x [cmax + 1], 
i.e., only tokens on free-places can be added in the upward- 
closure. Let Li = Let Wi = bJ...^' W and L 2 = 
Lxttf-^E^LititoE^Li . . . «;_iEt(#ii)» and L 3 = w^l 
and L 4 = iiWiEJ#L 1 w 2 EJ#ii...u; n EJ(#ii)*. Let E 2 = 
{(q,y)\q e Q,0 < y < »}. Then L(A C ) = Z 2 L 2 $L a $L 4 = 
enc({c}t). 

Finally, $L(A) = \bigcup_{c \in C} L(A_c) = enc(C\uparrow)$. ■

Lemma 19. We can construct a configuration-automaton $A$ s.t. $L(A) = enc(S)$, where $S$ is the set of all configurations of a given AC-PTPN.

Proof: Let Ei = {{q,y)\q 6 Q,0 < y < v} and 
E 2 = Px [cmax + 1]. Let L x = T,* 2 and L 2 = Li(#E^)* 
and L3 = L 2 $Li$L 2 . Then the language of A is E1L3, which 
is a regular language over E. ■ 

Lemma [21] Given a configuration-automaton A, C as in 
Lemma [16] and a finite set U £ C* f, it is decidable if there 
exists some AC-PTPN configuration $c_{init} \in enc^{-1}(L(A))$ s.t.
$c_{init} \to_A^* U\uparrow$.

Proof: We show the lemma for the case where $U$ is
a singleton $\{c_{fin}\}$. The result follows from the fact that $U$
is finite and that $U\uparrow = \bigcup_{c \in U} c\uparrow$. We will define an SD-TN
$\mathcal{T} = (Q^{\mathcal{T}}, P^{\mathcal{T}}, T^{\mathcal{T}}, Trans^{\mathcal{T}})$, a finite set $C^{\mathcal{T}}_{init}$ of (initial)
configurations, and a finite set of (final) $\omega$-configurations $C^{\mathcal{T}}_{final}$
such that $\exists c^{\mathcal{T}}_{init}$ […] iff there is a $c_{init} \in enc^{-1}(L(A))$ s.t.
$c_{init} \to_A^* U\uparrow$.

The result follows then immediately from Theorem QT] (and
Corollary 24). Let $c_{fin} = ((q_{fin}, y_{fin}), M_{fin})$ where $M_{fin}$
is of the form $(b_{-m} \dots b_{-1}, b_0, b_1 \dots b_n)$ and $b_i$ is of the form
$((p_{i1}, k_{i1}), \dots, (p_{in_i}, k_{in_i}))$ for $i : -m \le i \le n$. Let the
finite-state automaton $A$ be of the form $(Q^A, T^A, q^A_0, F^A)$
where $Q^A$ is the set of states, $T^A$ is the transition relation,
$q^A_0$ is the initial state, and $F^A$ is the set of final states. A
transition in $T^A$ is of the form $(q_1, a, q_2)$ where $q_1, q_2 \in Q^A$
and $a \in (P \times [cmax + 1]) \cup (Q \times \{y \mid 0 \le y \le y_{init}\}) \cup \{\#, \$\}$.
We write $q_1 \xrightarrow{a} q_2$ to denote that $(q_1, a, q_2) \in T^A$. During
the operation of $\mathcal{T}$, we will run the automaton $A$ "in parallel"
with $\mathcal{N}$. During the course of the simulation, the automaton $A$
will generate the encoding of a configuration $c_{init}$. We know
that such an encoding consists of a control-state $(q_{init}, y_{init})$
followed by the encoding of a marking $M_{init}$, say of the
form $(c_{-m'} \dots c_{-1}, c_0, c_1 \dots c_{n'})$. Notice that $A$ may output the
encoding of any marking in its language, and therefore the
values of $m'$ and $n'$ are not a priori known.

To simplify the presentation, we introduce a number of
conventions for the description of $\mathcal{T}$. First we define a set
$X$ of variables (defined below), where each variable $x \in X$
ranges over a finite domain $dom(x)$. A control-state $q$ then
is a mapping that assigns, to each variable $x \in X$, a value in
$dom(x)$, i.e., $q(x) \in dom(x)$. Consider a state $q$, variables
$x_1, \dots, x_n$ where $x_i \neq x_j$ if $i \neq j$, and values $v_1, \dots, v_n$
where $v_i \in dom(x_i)$ for all $i : 1 \le i \le n$. We use
$q[x_1 \leftarrow v_1, \dots, x_k \leftarrow v_k]$ to denote the state $q'$ such that
$q'(x_i) = v_i$ for all $i : 1 \le i \le k$, and $q'(x) = q(x)$ if
$x \notin \{x_1, \dots, x_k\}$. Furthermore, we introduce a set $\Theta$ of transition
generators, where each transition generator $\theta$ characterizes a
(finite) set $[[\theta]]$ of transitions in $\mathcal{T}$. A transition generator is
a tuple (PreCond($\theta$), PostCond($\theta$), In($\theta$), Out($\theta$)), where

• PreCond($\theta$) is a set $\{x_1 = v_1, \dots, x_k = v_k\}$, where $x_i \in X$
and $v_i \in dom(x_i)$ for all $i : 1 \le i \le k$.

• PostCond($\theta$) is a set $\{x'_1 \leftarrow v'_1, \dots, x'_\ell \leftarrow v'_\ell\}$, where $x'_i \in X$
and $v'_i \in dom(x'_i)$ for all $i : 1 \le i \le \ell$.

• In($\theta$) and Out($\theta$) are multisets over $P^{\mathcal{T}}$.

The set $[[\theta]]$ contains all transitions of the form
$(q_1, q_2, In, Read, Out)$ where

• $q_1(x_i) = v_i$ for all $i : 1 \le i \le k$.

• $q_2 = q_1[x'_1 \leftarrow v'_1, \dots, x'_\ell \leftarrow v'_\ell]$.

• $In$ = In($\theta$), and $Out$ = Out($\theta$).

In the constructions we will define a set $\Theta$ of transition
generators and define $T^{\mathcal{T}} := \bigcup_{\theta \in \Theta} [[\theta]]$.

Below we will define the components $Q^{\mathcal{T}}$, $P^{\mathcal{T}}$, $T^{\mathcal{T}}$, and
$Trans^{\mathcal{T}}$ in the definition of $\mathcal{T}$, together with the set $C^{\mathcal{T}}_{init}$ and
configuration $c^{\mathcal{T}}_{final}$.

The set $Q^{\mathcal{T}}$. As mentioned above, the set $Q^{\mathcal{T}}$ is defined in
terms of a set $X$ of variables. The set $X$ contains the following
elements:

• Mode indicates the mode of the simulation. More precisely,
a computation of $\mathcal{T}$ will consist of three phases,
namely an initialization, a simulation, and a final phase.
Each phase is divided into a number of sub-phases
referred to as modes.

• A variable NState, with dom(NState) = $Q$, that stores
the current control-state of $\mathcal{N}$.

• A variable AState, with dom(AState) = $Q^A$, that stores
the current state of $A$.

• A variable FState($i, j$) with dom(FState($i, j$)) =
{true, false}, for each $i : -m \le i \le n$ and $1 \le j \le n_i$. During
the simulation phase, the system tries to cover all the
tokens in the multisets of $M_{fin}$. Intuitively, FState($i, j$)
is a flag that indicates whether the token $(p_{ij}, k_{ij})$ has
been covered.

• A variable CoverFlag that has one of the values on or
off. The covering of tokens in $M_{fin}$ occurs only during
certain phases of the simulation. This is controlled by the
value of the variable CoverFlag.

• A variable CoverIndex with $-m \le$ CoverIndex $\le n$
gives the next multiset whose tokens are to be covered.

• For each $p \in P$ and $k : 0 \le k \le cmax + 1$, we
have a variable RDebt($p, k$), whose use and domain are
explained below. During the simulation, we will need
to use tokens that have still not been generated by $A$.
To account for these tokens, we will implement a "debt
scheme" in which tokens are used first, and then "paid
back" by tokens that are later generated by $A$. The
variable RDebt($p, k$) keeps track of the number of tokens
$(p, k)$ that have been used on read arcs (the debt on
tokens consumed in input operations is managed through
specific places described later.) For a place $p$ and a
transition $t$, let $Rmax(p, t)$ be the number of read arcs between
$p$ and $t$. Define $Rmax := \max_{p \in P, t \in T} Rmax(p, t)$. Then,
dom(RDebt($p, k$)) = $\{0, \dots, Rmax\}$. The definition of
the domain reflects the fact that the largest amount of debt
that we will generate due to tokens traveling through read
arcs is bounded by $Rmax$.

The set $P^{\mathcal{T}}$. The set $P^{\mathcal{T}}$ contains the following places:

• For each $p \in P$ and $k : 0 \le k \le cmax + 1$, the set
$P^{\mathcal{T}}$ contains the place ZeroPlace($p, k$). The number
of tokens in ZeroPlace($p, k$) $\in P^{\mathcal{T}}$ reflects (although
it may be not exactly equal to) the number of tokens in
$p \in P$ whose ages have zero fractional parts.

• For each $p \in P$ and $k : 0 \le k \le cmax + 1$, the set $P^{\mathcal{T}}$
contains the places LowPlace($p, k$) and HighPlace($p, k$).
These places play the same roles as above for tokens
with ages that have low (close to 0) resp. high (close to
1) fractional parts.

• For each $p \in P$ and $0 \le k \le cmax + 1$, the set $P^{\mathcal{T}}$
contains the place InputDebt($p, k$). The place represents
the amount of debt due to tokens $(p, k)$ traveling through
input arcs. There is a priori no bound on the amount
of debt on such tokens. Hence, this amount is stored in
places (rather than in variables as is the case of read
tokens.)

The set $C^{\mathcal{T}}_{init}$. The set $C^{\mathcal{T}}_{init}$ contains all configurations
$(q^{\mathcal{T}}_{init}, M^{\mathcal{T}}_{init})$ satisfying the following conditions:

• $q^{\mathcal{T}}_{init}$(Mode) = Init. The initial mode is Init.

• $q^{\mathcal{T}}_{init}$(AState) = $q^A_0$. The automaton $A$ is simulated
starting from its initial state $q^A_0$.

• $q^{\mathcal{T}}_{init}$(FState($i, j$)) = false for all $i : -m \le i \le n$ and
$1 \le j \le n_i$. Initially we have not covered any tokens in
$M_{fin}$.

• $q^{\mathcal{T}}_{init}$(RDebt($p, k$)) = 0 for all $p \in P$ and $k : 0 \le k \le cmax + 1$.
Initially, we do not have any debts due to read
tokens.

• $M^{\mathcal{T}}_{init}(p) = 0$ for all places $p \in P^{\mathcal{T}}$. Initially, all the places of
$\mathcal{T}$ are empty.

Notice that the variables CoverFlag and CoverIndex are not
restricted so CoverFlag may be on or off and CoverIndex
may have any value $-m \le$ CoverIndex $\le n$. Although NState
is not restricted either, its value will be defined in the first step
of the simulation (see below.)

Next, we explain how $\mathcal{T}$ works. In doing that, we also
introduce all the members of the set $T^{\mathcal{T}}$.

Initialization. In the initialization phase the SD-TN $\mathcal{T}$ reads
the initial control-state and then fills in the places according to
$M_{init}$. From the definition of the encoding of a configuration,
we know that the automaton $A$ outputs a pair $(q, y)$ in its
first transition. The first move of $\mathcal{T}$ is to store this pair in its
control-state. Thus, for each transition $q_1 \xrightarrow{(q,y)} q_2$ in $A$ where
$q \in Q$ and $1 \le y \le y_{init}$, the set $\Theta$ contains $\theta$ where:

• PreCond($\theta$) = {Mode = Init, AState = $q_1$}.

• PostCond($\theta$) = {Mode ← InitLow, NState ← $(q, y)$,
AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = {LowPlace

In other words, once $\mathcal{T}$ has input the initial control-state, it
enters a new mode InitLow. In mode InitLow, we read
the multisets $c_1 \dots c_{n'}$ that represent tokens with low fractional
parts. The system starts running $A$ one step at a time, generating
the elements of $c_{n'}$ (that are provided by $A$.) When
it has finished generating all the tokens in $c_{n'}$, it moves to
the next multiset, generating the multisets one by one in the
reverse order finishing with $c_1$. We distinguish between two
types of such tokens depending on how they will be used in the
construction. More precisely, such a token is either consumed
when firing transitions during the simulation phase or used for
covering the multisets in $M_{fin}$. A token (of the form $(p, k)$),
used for consumption, is put in a place LowPlace($p, k$).
Recall that the relation $\to_A$ in $\mathcal{N}$ is insensitive to the order
of the fractional parts that are small (fractional parts of the
tokens in $c_1, \dots, c_{n'}$.) Therefore, tokens in $c_1, \dots, c_{n'}$ that
have identical places $p$ and identical integer parts $k$ will all
be put in the same place LowPlace($p, k$). Formally, for each
transition $q_1 \xrightarrow{(p,k)} q_2$ in $A$, the set $\Theta$ contains $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$}.

• PostCond($\theta$) = {AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = {LowPlace($p, k$)}.
Each time a new multiset $c_j$ is read from $A$, the system
decides whether it may be (partially) used for covering the
next multiset $b_i$ in $M_{fin}$. This decision is made by checking the
value of the component CoverFlag. If CoverFlag = off then
the tokens are only used for consumption during the simulation
phase. However, if CoverFlag = on then the tokens generated
by $A$ can also be used to cover those in $M_{fin}$. The multiset
currently covered is given by the value of the component
CoverIndex. More precisely, if CoverIndex = $i$ for some
$i : 1 \le i \le n$ then (part of) the multiset $c_j$ that is currently being
generated by $A$ ($j : 1 \le j \le n'$) may be used to cover (part
of) the multiset $b_i$. At this stage, we only cover tokens with
low fractional parts (those in the multisets $b_1, \dots, b_n$.) When
using tokens for covering, the order on the fractional parts of
tokens is relevant. The construction takes into consideration
different aspects of this order as follows:

• According to the definition of the ordering <* , the tokens
in a given multiset $c_j$ may only be used to cover those
in one and the same multiset (say $b_i$.) This also agrees
with the observation that the tokens represented in $c_j$
correspond to tokens in the original TPN that have
identical fractional parts (the same applies to $b_i$.) In fact,
if this were not the case, then we would be using tokens
with identical fractional parts (in $c_j$) to cover tokens with
different fractional parts. Analogously, the multiset $b_i$ can
be covered only by the elements of one multiset $c_j$.

• If $i' < i$ then the fractional parts of the tokens represented
by $b_{i'}$ are smaller than those represented by $b_i$. The same
applies to $c_{j'}$ and $c_j$ if $j' < j$. Therefore, if $c_j$ is used to
cover $b_i$ and $j' < j$ then $c_{j'}$ should be used to cover $b_{i'}$ for
some $i' < i$. Furthermore, a multiset $c_j$ is not necessarily
used to cover any multiset, i.e., all the tokens represented
by $c_j$ may be used for consumption during the simulation
(none of them being used for covering.) Similarly, it can
be the case that a given $b_i$ is not covered by any multiset
$c_j$ (all its tokens are covered by tokens that are generated
during the simulation.) Also, a multiset $c_j$ may only be
partially used to cover $b_i$, i.e., some of its tokens may be
used for covering $b_i$ while some are consumed during the
simulation. Finally, $b_i$ may only be partially covered by
$c_j$, i.e., some of its tokens are covered by $c_j$ while the
rest of the tokens are covered by tokens generated during the
simulation.

Formally, for each $q_1 \xrightarrow{(p,k)} q_2$ in $A$, $1 \le i \le n$, $1 \le j \le n_i$ with
$(p_{i,j}, k_{i,j}) = (p, k)$, we add $\theta$ to $\Theta$, where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = on, CoverIndex = $i$}.

• PostCond($\theta$) = {AState ← $q_2$, FState($i, j$) ← true}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

The transition sets the flag FState($i, j$) to true indicating
that the token has now been covered. A transition $q_1 \xrightarrow{\#} q_2$
in $A$ indicates that we have finished generating the elements
of the current multiset $b_j$. If CoverFlag = on then we have
also finished covering tokens in the multiset $b_i$. Therefore,
we decide the next multiset $i' < i$ in which to cover
tokens. Recall that not all multisets have to be covered and
hence $i'$ need not be equal to $i - 1$ (in fact the multisets $b_{i''}$
for $i' < i'' < i$ will not be covered by the multisets in $M_{init}$.)
We also decide whether to use $c_{j-1}$ to cover $b_{i'}$ or not. In the
former case, we set CoverFlag to on, while in the latter case
we set CoverFlag equal to off. Also, if CoverFlag = off
then we decide whether to use $c_{j-1}$ for covering $b_i$ or not. We
cover these four possibilities by adding the following transition
generators to $\Theta$.

(i) For each transition $q_1 \xrightarrow{\#} q_2$ in $A$, $i : 1 \le i \le n$, and
$i' : -m \le i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = true, CoverIndex = $i$}.

• PostCond($\theta$) = {AState ← $q_2$, CoverFlag ← off,
CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

This is the case where CoverFlag is on and continues to be
on. Notice that no covering takes place if CoverIndex $\le 0$,
and that the new value of CoverIndex is made strictly smaller
than the current one.

(ii) For each transition $q_1 \xrightarrow{\#} q_2$ in $A$, and each $i, i' : 1 \le i' < i \le n$,
we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = true, CoverIndex = $i$}.

• PostCond($\theta$) = {AState ← $q_2$, CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

This is the case where CoverFlag is on but it is turned off
for the next step.

(iii) For each transition $q_1 \xrightarrow{\#} q_2$ in $A$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = off}.

• PostCond($\theta$) = {AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

This is the case where CoverFlag is off and continues to be
off.

(iv) For each transition $q_1 \xrightarrow{\#} q_2$ in $A$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = off}.

• PostCond($\theta$) = {AState ← $q_2$, CoverFlag ← on}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

This is the case where CoverFlag is off but it is turned on
for the next step.

The process of generating tokens with low fractional parts
continues until we encounter a transition of the form $q_1 \xrightarrow{\$} q_2$
in $A$. According to the encoding of markings, this indicates
that we have finished generating the elements of the multisets
$c_1, \dots, c_{n'}$. Therefore, we change mode from InitLow to
InitZero (where we scan the multiset $b_0$.) We also have to
consider changing the variables CoverFlag and CoverIndex
in the same way as above. Therefore, we add the following
transition generators:

(i) For each transition $q_1 \xrightarrow{\$} q_2$ in $A$, $i : 1 \le i \le n$, and
$i' : -m \le i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = true, CoverIndex = $i$}.

• PostCond($\theta$) = {Mode ← InitZero, AState ← $q_2$,
CoverFlag ← off, CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(ii) For each transition $q_1 \xrightarrow{\$} q_2$ in $A$, $i : 1 \le i \le n$, and
$i' : -m \le i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = true, CoverIndex = $i$}.

• PostCond($\theta$) = {Mode ← InitZero, AState ← $q_2$,
CoverFlag ← on, CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(iii) For each transition $q_1 \xrightarrow{\$} q_2$ in $A$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = off}.

• PostCond($\theta$) = {Mode ← InitZero, AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(iv) For each transition $q_1 \xrightarrow{\$} q_2$ in $A$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = InitLow, AState = $q_1$,
CoverFlag = off}.

• PostCond($\theta$) = {Mode ← InitZero, AState ← $q_2$,
CoverFlag ← on}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

In InitZero the places are filled according to $c_0$. The
construction is similar to the previous mode. The only differences
are that the tokens to be consumed will be put in
places ZeroPlace($p, k$) and that no tokens are covered in
$M_{fin}$.

For each transition $q_1 \xrightarrow{(p,k)} q_2$ in $A$, the set $\Theta$ contains $\theta$
where:

• PreCond($\theta$) = {Mode = InitZero, AState = $q_1$}.

• PostCond($\theta$) = {AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = {ZeroPlace($p, k$)}.

Since the tokens are not used at this stage for covering the
multisets of $M_{fin}$, no transition generators are added for that
purpose. Also, in contrast to tokens belonging to $c_0, \dots, c_{n'}$
we cannot generate tokens belonging to $c_{-m'}, \dots, c_{-1}$ during
the initialization phase. The reason is that, in the former case,
we only need to keep track of the order of multisets whose
tokens are used for covering (the ordering of the fractional
parts in tokens used for consumption is not relevant.) Since
the number $n$ is given a priori in the construction (the marking
$M_{fin}$ is a parameter of the problem), we need only to keep
track of tokens belonging to at most $n$ different multisets. This
does not hold in the case of the latter tokens, since the order
of the multisets to which the tokens belong is relevant also
in the case of tokens that will be consumed. Since $m'$ is not
a priori bounded, we postpone the generation of these tokens
to the simulation phase, where we generate these tokens from
$A$ "on demand": each time we perform a timed transition, we
allow the HighPlace($p, k$) tokens with the highest fractional
part to be generated. This construction is made more precise
in the description of the simulation phase.

The mode InitZero is concluded when the next
transition of $A$ is labeled with $\$$. This means that we have
finished inputting the last multiset $b_0$. We now move on to the
simulation phase.

For each transition of the form $q_1 \xrightarrow{\$} q_2$ in $A$, we add $\theta$
to $\Theta$ where:

• PreCond($\theta$) = {Mode = InitZero, AState = $q_1$}.

• PostCond($\theta$) = {Mode ← Sim, AState ← $q_2$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

Simulation. The simulation phase consists of simulating a
sequence of transitions each of which is either discrete, of type
1, or of type 2. Each type 2 transition is preceded by at least
one type 1 transition. Therefore, from Sim we next perform a
discrete or a type 1 transition. The (non-deterministic) choice
is made using the transition generators $\theta_1$ and $\theta_2$ where:

• PreCond($\theta_1$) = {Mode = Sim}.

• PostCond($\theta_1$) = {Mode ← Disc}.

• In($\theta_1$) = $\emptyset$.

• Out($\theta_1$) = $\emptyset$.

• PreCond($\theta_2$) = {Mode = Sim}.

• PostCond($\theta_2$) = {Mode ← Type1.1}.

• In($\theta_2$) = $\emptyset$.

• Out($\theta_2$) = $\emptyset$.
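The transition-generator convention defined earlier and the two generators above can be made concrete with a short expansion routine. The following Python sketch is an added example, not code from the paper: it uses a cut-down variable set (Mode, CoverFlag, CoverIndex with constructed domains) and expands a generator into its set of transitions by enumerating every control-state that satisfies the precondition.

```python
from itertools import product

# Constructed toy variable set X: the names follow the page, the domains are
# cut down so that the expansion stays small enough to inspect by hand.
DOMAINS = {
    "Mode": ("Sim", "Disc", "Type1.1"),
    "CoverFlag": ("on", "off"),
    "CoverIndex": (-1, 0, 1),
}


def all_states(domains):
    """Enumerate every control-state, i.e. every mapping x -> dom(x)."""
    names = sorted(domains)
    for values in product(*(domains[name] for name in names)):
        yield dict(zip(names, values))


def freeze(state):
    """Hashable form of a control-state (variable names are unique keys)."""
    return tuple(sorted(state.items()))


def expand(generator, domains):
    """Return [[theta]] for theta = (PreCond, PostCond, In, Out)."""
    pre, post, in_ms, out_ms = generator
    for var, val in list(pre.items()) + list(post.items()):
        if val not in domains[var]:
            raise ValueError(f"{val!r} is not in dom({var})")
    transitions = []
    for q1 in all_states(domains):
        if all(q1[x] == v for x, v in pre.items()):
            q2 = {**q1, **post}  # q2 = q1[x'_1 <- v'_1, ..., x'_l <- v'_l]
            # A generator carries no Read component, so Read is left empty
            # here (an assumption of this sketch).
            transitions.append(
                (freeze(q1), freeze(q2), tuple(in_ms), (), tuple(out_ms)))
    return transitions


def transition_set(generators, domains):
    """Union of [[theta]] over all generators in the given collection."""
    result = set()
    for theta in generators:
        result.update(expand(theta, domains))
    return result


# theta_1 and theta_2 of the Simulation paragraph: from Sim, move to Disc or
# to Type1.1 without touching any place.
THETA_1 = ({"Mode": "Sim"}, {"Mode": "Disc"}, (), ())
THETA_2 = ({"Mode": "Sim"}, {"Mode": "Type1.1"}, (), ())

if __name__ == "__main__":
    for q1, q2, *_ in sorted(transition_set([THETA_1, THETA_2], DOMAINS)):
        print(dict(q1), "->", dict(q2))
```

Each generator stands for one transition per valuation of the variables it does not mention, which is why the construction stays finite only because every domain is finite.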

Discrete Transitions. A discrete transition $t = (q_1, q_2, In, Read, Out)$
in $\mathcal{N}$ is simulated by a set of
transitions in $\mathcal{T}$. In defining this set, we take into consideration
several aspects of the simulation procedure as follows:

• Basically, an interval $X$ on an arc leading from an
input place $p \in In$ to $t$ induces a set of transitions
in $T^{\mathcal{T}}$; namely transitions where there are arcs from
places ZeroPlace($p, k$) with $k \in X$, and from places
LowPlace($p, k$) and HighPlace($p, k$) with $(k + \epsilon) \in X$
for some $\epsilon : 0 < \epsilon < 1$. An analogous construction is made
for output and read places of $t$. Since a read arc does not
remove the token from the place, there is both an input
arc and output arc to the corresponding transition in $\mathcal{T}$.

• We recall that the tokens belonging to $c_{-m'}, \dots, c_{-1}$ are
not generated during the initial phase, and that these
tokens are gradually introduced during the simulation
phase. Therefore, a transition may need to be fired
before the required HighPlace($p, k$)-tokens have been
produced by $A$. Such tokens are needed for performing
both input and read operations. In order to cover for
tokens that are needed for input arcs, we use the set of
places InputDebt($p, k$) for $p \in P$ and $0 \le k \le cmax + 1$.
Then, consuming a token from a place HighPlace($p, k$)
may be replaced by putting a token in InputDebt($p, k$).
The "debt" can be paid back using tokens that are later
generated by $A$. When $\mathcal{T}$ terminates, we require all the
debt places to be empty (all the debts have been paid
back.) Also, we need an analogous (but different) scheme
for the read arcs. The difference is due to the fact that
the same token may be read several times (without being
consumed.) Hence, once the debt has been introduced
by the first read operation, it will not be increased by
the subsequent read operations. Furthermore, several read
operations may be covered by a (single) input operation
(a token in a place may be read several times before
it is finally consumed through an input operation.) To
implement this, we use the variables RDebt($p, k$). Each
time a number $r$ of tokens $(p, k)$ are "borrowed" for
a read operation, we increase the value of RDebt($p, k$)
to $r$ (unless it already has a higher value.) Furthermore,
each debt taken on a token $(p, k)$ in an input operation
subsumes a debt performed on the same token $(p, k)$ in
a read operation. Therefore, the value of an old read debt
is decreased by the amount of the input debt taken during
the current transition. In a similar manner to input debts,
the read debt is later paid back. When $\mathcal{T}$ terminates, we
require all RDebt($p, k$) variables to be equal to 0 (all the
read debts have been paid back.)

• The transition also changes the control-state of $\mathcal{N}$.

To formally define the set of transitions in $\mathcal{T}$ induced by
discrete transitions, we use a number of definitions. We define
$x - y := \max(y - x, 0)$. For $k \in \mathbb{N}$ and an interval $X$, we
write $k$ IN $X$ to denote that $(k + \epsilon) \in X$ for some (equivalently
all) $\epsilon : 0 < \epsilon < 1$. During the simulation phase, there are
two mechanisms for simulating the effect of a token traveling
through an (input, read, or output) arc in $\mathcal{N}$, namely, (i) by
letting a token travel from (or to) a corresponding place;
and (ii) by "taking debt". Therefore, we define a number of
"transformers" that translate tokens in $\mathcal{N}$ to corresponding
ones in $\mathcal{T}$ as follows:

• ZeroPlaceTransf($p, X$) :=
{ZeroPlace($p, k$) | $(0 \le k \le cmax + 1) \wedge (k \in X)$}.
The $\mathcal{N}$-token is simulated by a $\mathcal{T}$-token in a place that
represents tokens with zero fractional parts.

• LowPlaceTransf($p, X$) :=
{LowPlace($p, k$) | $(0 \le k \le cmax + 1) \wedge (k$ IN $X)$}.
The $\mathcal{N}$-token is simulated by a $\mathcal{T}$-token in a place that
represents tokens with low fractional parts. Notice that
we use the relation IN since the fractional part of the
token is not zero.

• HighPlaceTransf($p, X$) :=
{HighPlace($p, k$) | $(0 \le k \le cmax + 1) \wedge (k$ IN $X)$}.
The $\mathcal{N}$-token is simulated by a $\mathcal{T}$-token in a place that
represents tokens with high fractional parts.

• InputDebtTransf($p, X$) :=
{InputDebt($p, k$) | $(0 \le k \le cmax + 1) \wedge (k$ IN $X)$}.
The $\mathcal{N}$-token is simulated by taking debt on an input
token.

• ReadDebtTransf($p, X$) :=
{ReadDebt($p, k$) | $(0 \le k \le cmax + 1) \wedge (k$ IN $X)$}.
The $\mathcal{N}$-token is simulated by taking debt on a read
token.

We extend the transformers to multisets, so for a multiset $b =
[(p_1, X_1), \dots, (p_\ell, X_\ell)]$, we define ZeroPlaceTransf($b$) :=
$\{[(p_1, k_1), \dots, (p_\ell, k_\ell)] \mid \forall i : 1 \le i \le \ell : (p_i, k_i) \in$
ZeroPlaceTransf$(p_i, X_i)\}$. We extend the other definitions to
multisets analogously.
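The difference between plain membership $k \in X$ and the relation $k$ IN $X$ is easiest to see on concrete intervals. The following Python sketch is an added example, not code from the paper; it assumes interval endpoints are integers (or an infinite upper bound), uses a constructed value of $cmax$, and represents a place as a tuple (kind, p, k).

```python
from dataclasses import dataclass
from fractions import Fraction
from itertools import product
import math


@dataclass(frozen=True)
class Interval:
    """Interval with integer endpoints (assumption); hi may be math.inf."""
    lo: int
    hi: float
    lo_open: bool = False
    hi_open: bool = False

    def contains(self, x):
        above = x > self.lo if self.lo_open else x >= self.lo
        below = x < self.hi if self.hi_open else x <= self.hi
        return above and below


def k_in(k, interval):
    """The relation 'k IN X': (k + e) in X for some 0 < e < 1.

    With integer endpoints the open unit interval (k, k+1) lies entirely
    inside or entirely outside X, so testing the midpoint decides it.
    """
    return interval.contains(k + Fraction(1, 2))


def place_transf(kind, p, interval, cmax):
    """ZeroPlaceTransf, LowPlaceTransf, ... applied to one pair (p, X)."""
    if kind == "ZeroPlace":
        member = interval.contains            # zero fractional part: k in X
    elif kind in ("LowPlace", "HighPlace", "InputDebt", "ReadDebt"):
        member = lambda k: k_in(k, interval)  # non-zero fractional part
    else:
        raise ValueError(f"unknown place kind {kind!r}")
    return {(kind, p, k) for k in range(cmax + 2) if member(k)}


def multiset_transf(kind, arcs, cmax):
    """Extension to a multiset [(p_1, X_1), ..., (p_l, X_l)] of arcs.

    Each result is one multiset of places, stored as a sorted tuple so that
    reorderings of the same multiset are merged.
    """
    choices = [sorted(place_transf(kind, p, x, cmax)) for p, x in arcs]
    return {tuple(sorted(combo)) for combo in product(*choices)}


if __name__ == "__main__":
    CMAX = 2                                  # constructed sample value
    closed = Interval(1, 2)                   # [1, 2]
    opened = Interval(1, 2, True, True)       # (1, 2)
    unbounded = Interval(2, math.inf, False, True)  # [2, infinity)
    for name, x in (("[1,2]", closed), ("(1,2)", opened), ("[2,inf)", unbounded)):
        zero = sorted(k for _, _, k in place_transf("ZeroPlace", "p", x, CMAX))
        low = sorted(k for _, _, k in place_transf("LowPlace", "p", x, CMAX))
        print(name, "zero:", zero, "low/high:", low)
    print(multiset_transf("ZeroPlace", [("p", closed), ("p", closed)], CMAX))
```

For the closed interval [1, 2] an integer-aged token may have integer part 1 or 2, while a token with a non-zero fractional part may only have integer part 1; two arcs with that interval give three distinct multisets of ZeroPlace places.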

An RDebt-mapping $\alpha$ is a function that maps each
RDebt($p, k$) to a value in $\{0, \dots, Rmax\}$. In other words,
the function describes the state of the debt on read tokens.

Now, we are ready to define the transitions in $\mathcal{T}$ that are
induced by discrete transitions in $\mathcal{N}$. Each such transition is
induced by a number of objects, namely:

• A transition $t = (q_1, q_2, In, Read, Out) \in T$. This is the
transition in $\mathcal{N}$ that is to be simulated in $\mathcal{T}$.

• The current remaining cost $y : Cost(t) \le y \le y_{init}$. The
remaining cost has to be at least as large as the cost of
the transition to be fired.

• An RDebt-mapping $\alpha$ describing the current debt on read
tokens.

• Multisets $In^{Zero}$, $In^{Low}$, $In^{High}$, $In^{Debt}$ where $In =
In^{Zero} + In^{Low} + In^{High} + In^{Debt}$. Intuitively, the tokens
traveling through arcs of $t$ are covered by four types of
tokens:

- $In^{Zero}$: $\mathcal{N}$-tokens that will be transformed into $\mathcal{T}$-tokens
in places encoding ages with zero fractional
parts.

- $In^{Low}$: $\mathcal{N}$-tokens that will be transformed into $\mathcal{T}$-tokens
in places encoding ages with low fractional
parts.

- $In^{High}$: $\mathcal{N}$-tokens that will be transformed into $\mathcal{T}$-tokens
in places encoding ages with high fractional
parts.

- $In^{Debt}$: $\mathcal{N}$-tokens that will be covered by taking
debt.

• Multisets $Read^{Zero}$, $Read^{Low}$, $Read^{High}$, $Read^{Debt}$
where $Read = Read^{Zero} + Read^{Low} + Read^{High} +
Read^{Debt}$. The roles of these multisets are similar to
above.

• Multisets $Out^{Zero}$, $Out^{Low}$, $Out^{High}$ where $Out =
Out^{Zero} + Out^{Low} + Out^{High} + Out^{Debt}$. The roles of the
multisets $Out^{Zero}$, $Out^{Low}$, $Out^{High}$ are similar to their
counterparts above.

For each such collection of objects (i.e., for each
$t$, $0 \le y \le y_{init}$, $\alpha$, $In^{Zero}$, $In^{Low}$, $In^{High}$, $In^{Debt}$,
$Read^{Zero}$, $Read^{Low}$, $Read^{High}$, $Read^{Debt}$,
$Out^{Zero}$, $Out^{Low}$, $Out^{High}$), we add the transition generator
$\theta$ where:

• PreCond($\theta$) = {Mode = Disc, NState = $(q_1, y)$} $\cup\ \alpha$, i.e.,
the current mode is Disc, the current state of $\mathcal{N}$ is $(q_1, y)$,
and the current debt on read tokens is given by $\alpha$.

• PostCond($\theta$) =
{Mode ← Sim, NState ← $(q_2, y - Cost(t))$} $\cup$
{RDebt($p, k$) ← $\max(\alpha - In^{Debt'}, Read^{Debt'})(p, k) \mid
(p \in P) \wedge (0 \le k \le cmax + 1)$}, where

- $In^{Debt'}$ = InputDebtTransf($In^{Debt}$).

- $Read^{Debt'}$ = ReadDebtTransf($Read^{Debt}$).

In other words, we change the mode back to Sim, and
change the control-state of $\mathcal{N}$ to $(q_2, y - Cost(t))$. The
new read debts are defined as follows: We reduce the
current debt $\alpha$ using the new debt on input tokens $In^{Debt}$,
then we update the amount again using the new debt
$Read^{Debt'}$.

• In($\theta$) = $In^{Zero'} + In^{Low'} + In^{High'} + Read^{Zero'} +
Read^{Low'} + Read^{High'}$, where

- $In^{Zero'}$ = ZeroPlaceTransf($In^{Zero}$).

- $In^{Low'}$ = LowPlaceTransf($In^{Low}$).

- $In^{High'}$ = HighPlaceTransf($In^{High}$).

- $Read^{Zero'}$ = ZeroPlaceTransf($Read^{Zero}$).

- $Read^{Low'}$ = LowPlaceTransf($Read^{Low}$).

- $Read^{High'}$ = HighPlaceTransf($Read^{High}$).

The multisets $In^{Zero}$, $In^{Low}$, $In^{High}$ represent tokens that
will be consumed due to input arcs. These tokens are distributed
among places according to whether their fractional
parts are zero, low, or high. A similar reasoning
holds for the multisets $Read^{Zero}$, $Read^{Low}$, $Read^{High}$.

• Out($\theta$) = $Out^{Zero'} + Out^{Low'} + Out^{High'} + Out^{Debt'} +
Read^{Zero'} + Read^{Low'} + Read^{High'}$, where

- $Out^{Zero'}$ = ZeroPlaceTransf($Out^{Zero}$).

- $Out^{Low'}$ = LowPlaceTransf($Out^{Low}$).

- $Out^{High'}$ = HighPlaceTransf($Out^{High}$).

- $Out^{Debt'}$ = HighPlaceTransf($In^{Debt}$).

- $Read^{Zero'}$ = ZeroPlaceTransf($Read^{Zero}$).

- $Read^{Low'}$ = LowPlaceTransf($Read^{Low}$).

- $Read^{High'}$ = HighPlaceTransf($Read^{High}$).

The read multisets are defined in the previous item.
The multisets $Out^{Zero}$, $Out^{Low}$, $Out^{High}$ play the same
roles as their input and read counterparts. The multiset
$Out^{Debt}$ represents the increase in the debt on read
tokens.

Transitions of Type 1. The simulation of a type 1 transition
is started when the mode is Type1.1. We recall that a type
1 transition encodes that time passes so that all tokens of
integer age in $b_0$ will now have a positive fractional part, but
no tokens reach an integer age. This phase is performed in two
steps. First, in Type1.1 (that is repeated an arbitrary number of
times), some of these tokens are used for covering the multisets
of $M_{fin}$ in a similar manner to the previous phases. In the
second step we change mode to Type1.2, at the same time
switching on or off the component CoverFlag in a similar
manner to the initialization phase. In Type1.2, the (only) set of
transfer transitions encodes the effect of passing time. More
precisely all tokens in a place ZeroPlace($p, k$) will be moved
to the place LowPlace($p, k$), for $k : 1 \le k \le cmax + 1$. From
Type1.2 the mode will be changed to Type2.1.

To describe Type1.1 formally we add, for each $i : 1 \le i \le n$,
$j : 1 \le j \le n_i$, $p \in P$, $k : 0 \le k \le cmax + 1$ with $(p, k) =
(p_{ij}, k_{ij})$, a transition generator $\theta$ where:

• PreCond($\theta$) = {Mode = Type1.1, CoverFlag = true,
CoverIndex = $i$}.

• PostCond($\theta$) = {FState($i, j$) ← true}.

• In($\theta$) = {ZeroPlace($p, k$)}.

• Out($\theta$) = $\emptyset$.

On switching to Type1.2, we change the variables
CoverFlag and CoverIndex in a similar manner to the
previous phases. Therefore, we add the following transition
generators:

(i) For each $i : 1 \le i \le n$, and $i' : -m \le i' < i$, we add $\theta$
where:

• PreCond($\theta$) = {Mode = Type1.1, CoverFlag = true,
CoverIndex = $i$}.

• PostCond($\theta$) = {Mode ← Type1.2, CoverFlag ← off,
CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(ii) For each $i : 1 \le i \le n$, and $i' : -m \le i' < i$, we add $\theta$
where:

• PreCond($\theta$) = {Mode = Type1.1, CoverFlag = true,
CoverIndex = $i$}.

• PostCond($\theta$) = {Mode ← Type1.2, CoverIndex ← $i'$}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(iii) We add $\theta$ where:

• PreCond($\theta$) = {Mode = Type1.1, CoverFlag = off}.

• PostCond($\theta$) = {Mode ← Type1.2}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

(iv) We add $\theta$ where:

• PreCond($\theta$) = {Mode = Type1.1, CoverFlag = off}.

• PostCond($\theta$) = {Mode ← Type1.2, CoverFlag ← on}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

The set of transfer transitions is defined by the transfer
transition generator $\theta$ where:

• PreCond($\theta$) = {Mode = Type1.2}.

• PostCond($\theta$) = {Mode ← Type2.1}.

• In($\theta$) = $\emptyset$.

• Out($\theta$) = $\emptyset$.

• ST($\theta$) = {(ZeroPlace($p, k$), LowPlace($p, k$)) |
$(p \in P) \wedge (0 \le k \le cmax + 1)$}.

Transitions of Type 2. Recall that transitions of type 2
encode what happens to tokens with the largest fractional
parts when an amount of time passes sufficient for making
these ages equal to the next integer (but not larger.) There
are two sources of such tokens. The generation of tokens
according to these two sources divides the phase into two
steps. The first source are tokens that are currently in places
of the form HighPlace($p, k$). In Type2.1, (some of) these
tokens reach the next integer, and are therefore moved to
the corresponding places encoding tokens with zero fractional
parts. As mentioned above, only some (but not all) of these
tokens reach the next integer. The reason is that they are
generated during the computation (not by $A$), and hence they
have arbitrary fractional parts.

The second source are tokens that are provided by the
automaton $A$ (recall that these tokens are not generated during
the initialization phase.) In Type2.2, we run the automaton
$A$ one step at a time. At each step we generate the next
token by taking a transition $q_1 \xrightarrow{(p,k)} q_2$. In fact, such a token
$(p, k)$ is used in two ways: either it moves to the place
ZeroPlace($p, k$), or it is used to pay the debt we have taken
on tokens. The debt is paid back either (i) by removing a token
from InputDebt($p, k$); or (ii) by decrementing the value of
the variable RDebt($p, k$). A transition $q_1 \xrightarrow{\#} q_2$ means that
we have read the last element of the current multiset. This
finishes simulating the transitions of type 1 and 2 and the
mode is moved back to Sim starting another iteration of the
simulation phase.

Formally, we describe the movement of tokens in Type2.1
by adding, for each $p \in P$ and k : < k < cmax+1, a transition
generator $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.1}.
• PostCond($\theta$) = $\emptyset$.
• In($\theta$) = {HighPlace(p, k)}.
• Out($\theta$) = {ZeroPlace(p, max(k + 1, cmax + 1))}.

At any time, we can change mode from Type2.1 to Type2.2:

• PreCond($\theta$) = {Mode = Type2.1}.
• PostCond($\theta$) = {Mode = Type2.2}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

We can also move back from Type2.1 to Sim without letting
the automaton generate any tokens:

• PreCond($\theta$) = {Mode = Type2.1}.
• PostCond($\theta$) = {Mode = Sim}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

We simulate Type2.2 as follows. To describe the movement of
tokens to places representing tokens with zero fractional parts we
add, for each transition $q_1 \xrightarrow{(p,k)} q_2$ in A, a transition generator
$\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$}.
• PostCond($\theta$) = {AState ← $q_2$}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = {ZeroPlace(p, k)}.

To describe the payment of debts on input tokens we add, for
each transition $q_1 \xrightarrow{(p,k)} q_2$ in A, a transition generator $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$}.
• PostCond($\theta$) = {AState ← $q_2$}.
• In($\theta$) = {InputDebt(p, k)}.
• Out($\theta$) = $\emptyset$.

To describe the payment of debts on read tokens we add, for
each transition $q_1 \to q_2$ in A, and r : $1 < r < Rmax$, a
transition generator $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$,
  RDebt(p, k) = r}.
• PostCond($\theta$) = {AState ← $q_2$, RDebt(p, k) ← r − 1}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.
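The three Type2.2 uses of a token generated by A (move to ZeroPlace, pay an input debt, pay a read debt) can be tried out on a small configuration; the following Python sketch is an added illustration, not code from the paper. It assumes that a generator fires when PreCond holds on the control-state variables and every place in In holds a token, that PostCond is applied as assignments, that the read-debt transition also carries the label (p, k), and that r ranges over 1..Rmax inclusive; the names Generator, enabled, fire, type22_generators and the sample configuration are constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Generator:
    name: str
    pre: tuple        # conditions (variable, value) on the control-state
    post: tuple       # assignments (variable, value) to the control-state
    inp: tuple = ()   # places that each lose one token
    out: tuple = ()   # places that each gain one token

def enabled(gen, state, marking):
    """PreCond holds and every place in In carries enough tokens."""
    return (all(state.get(var) == val for var, val in gen.pre)
            and all(marking[pl] >= n for pl, n in Counter(gen.inp).items()))

def fire(gen, state, marking):
    """Return the successor (state, marking); the inputs are not modified."""
    if not enabled(gen, state, marking):
        raise ValueError(f"{gen.name} is not enabled")
    new_state = {**state, **dict(gen.post)}
    new_marking = Counter(marking)
    new_marking.subtract(gen.inp)
    new_marking.update(gen.out)
    return new_state, +new_marking   # unary + drops places with zero tokens

def type22_generators(q1, q2, p, k, rmax):
    """Generators added for one transition q1 --(p,k)--> q2 of A in Type2.2."""
    pre = (("Mode", "Type2.2"), ("AState", q1))
    post = (("AState", q2),)
    gens = [
        Generator("to-zero", pre, post, out=(("ZeroPlace", p, k),)),
        Generator("pay-input-debt", pre, post, inp=(("InputDebt", p, k),)),
    ]
    for r in range(1, rmax + 1):     # assumed inclusive range 1..Rmax
        rdebt = ("RDebt", p, k)
        gens.append(Generator(f"pay-read-debt-{r}", pre + ((rdebt, r),),
                              post + ((rdebt, r - 1),)))
    return gens

# Constructed sample configuration: one input-debt token and a read debt of 2.
STATE = {"Mode": "Type2.2", "AState": "q1", ("RDebt", "p", 1): 2}
MARKING = Counter({("InputDebt", "p", 1): 1})

def successors(state=STATE, marking=MARKING):
    """Fire every enabled generator of q1 --(p,1)--> q2 from the configuration."""
    gens = type22_generators("q1", "q2", "p", 1, rmax=3)
    return {g.name: fire(g, state, marking)
            for g in gens if enabled(g, state, marking)}
```

Only one of the enabled generators is taken per step of A, so each generated token is spent on exactly one of the three purposes.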

As usual, a transition $q_1 \to q_2$ in A means that
we have read the last element of the current multiset. We
can now move back to the mode Sim, changing the variables
CoverFlag and CoverIndex in a similar manner to the previous
phases.



(i) For each transition of the form $q_1 \to q_2$ in A, i : $1 < i < n$,
and i' : $-m < i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$,
  CoverFlag = true, CoverIndex = i}.
• PostCond($\theta$) = {Mode ← Sim, AState ← $q_2$,
  CoverFlag ← off, CoverIndex ← i'}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(ii) For each transition $q_1 \to q_2$ in A, i : $1 < i < n$, and
i' : $-m < i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$,
  CoverFlag = true, CoverIndex = i}.
• PostCond($\theta$) = {Mode ← Sim, AState ← $q_2$,
  CoverFlag = on, CoverIndex = i'}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(iii) For each transition $q_1 \to q_2$ in A, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$,
  CoverFlag = off}.
• PostCond($\theta$) = {Mode ← Sim, AState ← $q_2$}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(iv) For each transition $q_1 \to q_2$ in A, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Type2.2, AState = $q_1$,
  CoverFlag = off}.
• PostCond($\theta$) = {Mode ← Sim, AState ← $q_2$,
  CoverFlag = on}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

The Final Phase. From the simulation mode we can at any
time enter the final mode.

• PreCond($\theta$) = {Mode = Sim}.
• PostCond($\theta$) = {Mode ← Final1}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

The main tasks of the final phase are (i) to cover the multisets
in $M_{fin}$; and (ii) to continue paying back the debt tokens
(recall that the debt was partially paid back in the simulation
of type 2 transitions.) At the end of the final phase, we expect
all tokens in $M_{fin}$ to have been covered and all debt to have
been paid back. The final phase consists of two modes. In
Final1 we cover the multisets in $M_{fin}$ using the tokens that
have already been generated. In Final2, we resume running
A one step at a time. The tokens generated from A are used
both (i) for paying back debt; and (ii) for covering the multisets
$b_{-1}, \ldots, b_{-m}$ (in that order.)

Formally, we add the following transition generators. First,
we continue covering the multisets $b_1, \ldots, b_n$. For each $p \in P$,
$1 < i < n$, and $1 < j < n_i$ with $(p_{i,j}, k_{i,j}) = (p, k)$, we add $\theta$
where:

• PreCond($\theta$) = {Mode = Final1}.
• PostCond($\theta$) = {FState(i, j) ← true}.
• In($\theta$) = LowPlace(p, k).
• Out($\theta$) = $\emptyset$.

We cover the multiset $b_0$ by moving tokens from places of the
form ZeroPlace(p, k). For each $p \in P$ and $1 < j < n$ with
$(p_{0,j}, k_{0,j}) = (p, k)$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Final1}.
• PostCond($\theta$) = {FState(0, j) ← true}.
• In($\theta$) = ZeroPlace(p, k).
• Out($\theta$) = $\emptyset$.

We also cover the multisets $b_{-1}, \ldots, b_{-m}$ by moving tokens
from places of the form HighPlace(p, k). For each $p \in P$,
$-m < i < -1$, $1 < j < n_i$ with $(p_{i,j}, k_{i,j}) = (p, k)$, we add $\theta$
where:

• PreCond($\theta$) = {Mode = Final1}.
• PostCond($\theta$) = {FState(i, j) ← true}.
• In($\theta$) = HighPlace(p, k).
• Out($\theta$) = $\emptyset$.

We can change mode to Final2:

• PreCond($\theta$) = {Mode = Final1}.
• PostCond($\theta$) = {Mode ← Final2}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

In Final2, we start running A. The tokens can be used for
paying input debts. For each transition $q_1 \xrightarrow{(p,k)} q_2$ in A, we
add $\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$}.
• PostCond($\theta$) = {AState ← $q_2$}.
• In($\theta$) = {InputDebt(p, k)}.
• Out($\theta$) = $\emptyset$.

The tokens can also be used for paying read debts. For each
transition $q_1 \xrightarrow{(p,k)} q_2$ in A, and r : $1 < r < Rmax$, we add
$\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$,
  RDebt(p, k) = r}.
• PostCond($\theta$) = {AState ← $q_2$, RDebt(p, k) ← r − 1}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

Finally, the tokens can be used for covering. For each transition
$q_1 \xrightarrow{(p,k)} q_2$ in A, i : $-m < i < -1$, j : $1 < j < n_i$, $p \in P$,
k : < k < cmax + 1 with $(p, k) = (p_{i,j}, k_{i,j})$, we have
$\theta$ where:

• PreCond($\theta$) = {Mode = Final2, CoverFlag =
  true, CoverIndex = i}.
• PostCond($\theta$) = {FState(i, j) ← true}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

A transition $q_1 \to q_2$ in A means that we have read
the last element of the current multiset. We now let A generate
the next multiset. We change the variables CoverFlag and
CoverIndex in a similar manner to the previous phases.

(i) For each transition of the form $q_1 \to q_2$ in A, i : $-m < i < -1$,
and i' : $-m < i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$,
  CoverFlag = true, CoverIndex = i}.
• PostCond($\theta$) = {AState ← $q_2$, CoverFlag ←
  off, CoverIndex ← i'}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(ii) For each transition $q_1 \to q_2$ in A, i : $1 < i < n$, and
i' : $-m < i' < i$, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$,
  CoverFlag = true, CoverIndex = i}.
• PostCond($\theta$) = {AState ← $q_2$, CoverIndex ← i'}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(iii) For each transition $q_1 \xrightarrow{\$} q_2$ in A, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$,
  CoverFlag = off}.
• PostCond($\theta$) = {AState ← $q_2$}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

(iv) For each transition $q_1 \xrightarrow{\$} q_2$ in A, we add $\theta$ where:

• PreCond($\theta$) = {Mode = Final2, AState = $q_1$,
  CoverFlag = off}.
• PostCond($\theta$) = {AState ← $q_2$, CoverFlag ← on}.
• In($\theta$) = $\emptyset$.
• Out($\theta$) = $\emptyset$.

The Set $C_{final}$. The set $C_{final}$ contains all configurations
((fy^M^) satisfying the following conditions: 

. qJ„(NState) = q fin . The AC-PTPN is in its final control- 
state. 

• (^(FState (i, j)) = true for all i : -m < i < n and 
$1 < j < n_i$. We have covered all tokens in $M_{fin}$.

. qJ„(RDebt(p, k)) = for all p e P and k : < k < 
cmax + 1. We have paid back all debts on read tokens. 

. M fin (InputDebt (p, k)) = 

for all $p \in P$ and < k < cmax + 1. We have paid back
all debts on input tokens. 

We give an example of a concrete computation that gives
rise to the above abstract computation.



